CVE-2016-5311
https://notcve.org/view.php?id=CVE-2016-5311
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podría permitir a un usuario malicioso local obtener privilegios system. • http://www.securityfocus.com/bid/94295 http://www.securitytracker.com/id/1037323 http://www.securitytracker.com/id/1037324 http://www.securitytracker.com/id/1037325 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 • CWE-427: Uncontrolled Search Path Element •
CVE-2017-15530
https://notcve.org/view.php?id=CVE-2017-15530
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. Antes de la versión 4.4.1.10, Norton Family Android App puede ser susceptible a un problema de filtrado de información. El filtrado de información es un problema muy común que los atacantes intentarán explotar como un primer paso en la aplicación. • http://www.securityfocus.com/bid/102120 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-15529
https://notcve.org/view.php?id=CVE-2017-15529
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. Antes de la versión 4.4.1.10, Norton Family Android App puede ser susceptible a un exploit de Denegación de servicio (DoS). Durante un ataque DoS, el infractor intenta hacer que un dispositivo en concreto se vuelva inutilizable para su usuario planeado mediante la interrupción temporal o indefinida de un host específico en una red. • http://www.securityfocus.com/bid/102119 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00 • CWE-400: Uncontrolled Resource Consumption •