CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1647
https://notcve.org/view.php?id=CVE-2014-1647
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realizan debidamente movimientos de bloques de datos, lo que permite a atacantes remotos causar una denegación de servicio (violación de lectura de acceso y caída de aplicación) a través de un certificado malformado. • http://www.securityfocus.com/bid/67020 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1646
https://notcve.org/view.php?id=CVE-2014-1646
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realiza debidamente copias de memoria, lo que permite a atacantes remotos causar una denegación de servicio (violación de lectura de acceso y caída de aplicación) a través de un certificado malformado. • http://www.securityfocus.com/bid/67016 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 43%CPEs: 6EXPL: 1CVE-2014-1648 – Symantec Messaging Gateway 10.5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-1648
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. Vulnerabilidad de XSS en brightmail/setting/compliance/DlpConnectFlow$view.flo en la consola de gestión en Symantec Messaging Gateway 10.x anterior a 10.5.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro displayTab. Symantec Messaging Gateway version 10.5.1 suffers from a reflective cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2014/Apr/256 http://www.securityfocus.com/bid/66966 http://www.securitytracker.com/id/1030136 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140422_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 86%CPEs: 9EXPL: 0CVE-2014-1644
https://notcve.org/view.php?id=CVE-2014-1644
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. La funcionalidad forgotten-password en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos restablecer contraseñas arbitrarias proporcionando la dirección de email asociada con una cuenta de usuario. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html http://www.securityfocus.com/bid/66399 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 41%CPEs: 9EXPL: 0CVE-2014-1645
https://notcve.org/view.php?id=CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en forcepasswd.do en la GUI de gestión en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html http://www.securityfocus.com/bid/66400 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •