CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0CVE-2012-4953
https://notcve.org/view.php?id=CVE-2012-4953
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. El motor de descomposición en Symantec Endpoint Protection (SEP) v11.0, Symantec Endpoint Protection Small Business Edition v12.0, Symantec AntiVirus Corporate Edition (SAVCE) v10.x y Symantec Scan Engine (ESE) antes de v5.2.8 no realiza , de forma adecuada, comprobaciones sobre los límites de los contenidos de los archivos CAB, lo que permite a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) o posiblemente ejecutar código de su elección a través de un archivo modificado. • http://www.kb.cert.org/vuls/id/985625 http://www.securityfocus.com/bid/56399 http://www.securitytracker.com/id?1027726 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2012-0306
https://notcve.org/view.php?id=CVE-2012-0306
Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file. Symantec Ghost Solution Suite v2.x hasta v2.5.1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo de copia de seguridad manipulado. • http://www.securityfocus.com/bid/55748 http://www.securitytracker.com/id?1027648 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121010_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.9EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3582
https://notcve.org/view.php?id=CVE-2012-3582
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. Symantec PGP Universal Server 3.2.x anterior a 3.2.1 MP2 no gestiona adecuadamente las sesiones que incluyen solicitudes de clave de búsqueda, permitiendo a atacantes remotos leer una clave privada en circunstancias oportunistas haciendo una petición casi al final de la sesión de un usuario. • http://www.securityfocus.com/bid/55246 http://www.securitytracker.com/id?1027467 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3581
https://notcve.org/view.php?id=CVE-2012-3581
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos obtener información potencialmente sensible sobre versiones de componentes a través de vectores no especificados. • http://www.securityfocus.com/bid/55142 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3580
https://notcve.org/view.php?id=CVE-2012-3580
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway anterior a v10.0 permite a usuarios autenticados de forma remota modificar la aplicación web aprovechando el acceso a la interfaz de gestión. • http://www.securityfocus.com/bid/55141 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78032 •