CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3436
https://notcve.org/view.php?id=CVE-2014-3436
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size. Symantec Encryption Desktop 10.3.x anterior a 10.3.2 MP3, y Symantec PGP Desktop 10.0.x hasta 10.2.x, permite a atacantes remotos causar una denegación de servicio (consumo CPU y memoria) a través de un mensaje de e-mail cifrado manipulado que se descomprime a un tamaño más grande. • http://www.securityfocus.com/bid/69259 http://www.securitytracker.com/id/1030761 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/95406 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2014-3431
https://notcve.org/view.php?id=CVE-2014-3431
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. Symantec PGP Desktop 10.x, y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP2, en OS X utiliza permisos de lectura universal para ficheros temporales, lo que permite a usuarios locales evadir restricciones sobre la lectura de ficheros, modificación, creación y cambios de permisos a través de vectores no especificados. • http://secunia.com/advisories/59421 http://www.securityfocus.com/bid/68077 http://www.securitytracker.com/id/1030454 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1647
https://notcve.org/view.php?id=CVE-2014-1647
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realizan debidamente movimientos de bloques de datos, lo que permite a atacantes remotos causar una denegación de servicio (violación de lectura de acceso y caída de aplicación) a través de un certificado malformado. • http://www.securityfocus.com/bid/67020 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1646
https://notcve.org/view.php?id=CVE-2014-1646
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realiza debidamente copias de memoria, lo que permite a atacantes remotos causar una denegación de servicio (violación de lectura de acceso y caída de aplicación) a través de un certificado malformado. • http://www.securityfocus.com/bid/67016 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1610
https://notcve.org/view.php?id=CVE-2013-1610
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. Vulnerabilidad de búsqueda de ruta no entrecomillada en Windows en RDDService en Symantec PGP Desktop v10.0.x hasta v10.2.x y Symantec Encryption Desktop v10.3.0 antes de MP3, permite a usuarios locales conseguir privilegios a través de una aplicación de caballo de Troya en el directorio %SYSTEMDRIVE% directorio de nivel superior. • http://www.securityfocus.com/bid/61489 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_01 •