NotCVE - vendor:"Symantec" product:"Message Gateway" version:" <= 10.6.1-3"

10 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12751

https://notcve.org/view.php?id=CVE-2019-12751

11 Jul 2019 — Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. El producto Symantec Messaging Gateway, anteriores a la versión 10.7.1, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema mediante el cual un atacante puede intentar com... • http://www.securityfocus.com/bid/108925 •

CVSS: 8.8EPSS: 85%CPEs: 1EXPL: 2

CVE-2017-6327 – Symantec Messaging Gateway Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-6327

11 Aug 2017 — The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. En versiones anteriores a la 10.6.3-267 de Symantec Messaging Gateway puede encontrarse un problema de ejecución remota de código que describe una sit... • https://packetstorm.news/files/id/143821 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-6328 – Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2017-6328

11 Aug 2017 — The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. Symantec Messaging Gateway en versiones anteriores a la 10.6.3-267 puede encontrarse con un problema de tipo ... • https://www.exploit-db.com/exploits/42613 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 23%CPEs: 44EXPL: 2

CVE-2016-2207 – Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions

https://notcve.org/view.php?id=CVE-2016-2207

29 Jun 2016 — The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 thro... • https://packetstorm.news/files/id/137706 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 39%CPEs: 44EXPL: 2

CVE-2016-2209 – Symantec AntiVirus - PowerPoint Misaligned Stream-cache Remote Stack Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2016-2209

29 Jun 2016 — Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for Sha... • https://packetstorm.news/files/id/137712 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 39%CPEs: 44EXPL: 2

CVE-2016-2210 – Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2016-2210

29 Jun 2016 — Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for Sh... • https://packetstorm.news/files/id/137707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 10%CPEs: 44EXPL: 1

CVE-2016-2211 – Symantec Antivirus MSPACK Unpacking Memory Corruption

https://notcve.org/view.php?id=CVE-2016-2211

CVSS: 10.0EPSS: 21%CPEs: 37EXPL: 2

CVE-2016-3644 – Symantec AntiVirus - Heap Overflow Modifying MIME Messages

https://notcve.org/view.php?id=CVE-2016-3644

CVSS: 10.0EPSS: 53%CPEs: 37EXPL: 2

CVE-2016-3645 – Symantec AntiVirus - TNEF Decoder Integer Overflow

https://notcve.org/view.php?id=CVE-2016-3645

29 Jun 2016 — Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection... • https://packetstorm.news/files/id/137710 • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 23%CPEs: 37EXPL: 2

CVE-2016-3646 – Symantec AntiVirus - Missing Bounds Checks in dec2zip ALPkOldFormatDecompressor::UnShrink

https://notcve.org/view.php?id=CVE-2016-3646