CVE-2024-23617 – Symantec Data Loss Prevention Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23617
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. Existe una vulnerabilidad de desbordamiento de búfer en Symantec Data Loss Prevention versión 14.0.2 y anteriores. Un atacante remoto y no autenticado puede aprovechar esta vulnerabilidad incitando a un usuario a abrir un documento manipulado para lograr la ejecución del código. • https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2015-8799
https://notcve.org/view.php?id=CVE-2015-8799
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors. Vulnerabilidad de salto de directorio en el Management Server en Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x en versiones anteriores a 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 en versiones anteriores a MP1, Critical System Protection (SCSP) en versiones anteriores a 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x en versiones anteriores a 6.5 MP1 y 6.6 en versiones anteriores a MP1 y Data Center Security: Server Advanced Server y Agents (DCS:SA) hasta la versión 6.6 MP1 permite a usuarios remotos autenticados escribir los datos de actualización de paquete en localizaciones de agentes arbitrarias a través de vectores no especificados. • http://www.securityfocus.com/bid/90885 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •