CVE-2017-13193

In ihevcddecode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction i...

CVE-2017-13214

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android...

CVE-2017-13197

In the ihevcdparseslice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1...

Memory Corruption Vulnerability in Multiple Symantec and Norton Products (CNVD-2016-04437)

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

CVE-2015-8800

Symantec Embedded Security: Critical System Protection SES:CSP 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices SES:CSP 6.5.0 before MP1, Critical System Protection SCSP before 5.2.9 MP6, Data Center Security: Server Advanced Server DCS:SA 6.x before...

Design/Logic Flaw

Symantec Embedded Security: Critical System Protection SES:CSP 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices SES:CSP 6.5.0 before MP1, Critical System Protection SCSP before 5.2.9 MP6, Data Center Security: Server Advanced Server DCS:SA 6.x before...

CVE-2015-8799

CVE-2015-8799 is a directory-traversal vulnerability in the Management Server of Symantec SES:CSP/SCSP/DCS:SA products. It allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors, potentially enabling code execution on affected agents. A...

CVE-2015-8800

Symantec Embedded Security: Critical System Protection SES:CSP 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices SES:CSP 6.5.0 before MP1, Critical System Protection SCSP before 5.2.9 MP6, Data Center Security: Server Advanced Server DCS:SA 6.x before...

CVE-2015-8800

CVE-2015-8800 affects Symantec SES:CSP/SDCS:SA and related components: SES:CSP 1.0.x before 1.0 MP5, SES:CSP for Controllers and Devices 6.5.0 before MP1, SCSP before 5.2.9 MP6, DCS:SA 6.x before 6.5 MP1 and 6.6 before MP1, and DCS:SA and Agents through 6.6 MP1. The issue allows remote authentica...

CVE-2015-8799

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection SES:CSP 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices SES:CSP 6.5.0 before MP1, Critical System Protection SCSP before 5.2.9 MP6,...

CVE-2015-8798

CVE-2015-8798 describes a directory traversal vulnerability in the Management Server of Symantec’s SES:CSP/SDCS:SA family. Affected products include SES:CSP 1.0.x (before 1.0 MP5), SES:CSP for Controllers and Devices 6.5.0 (before MP1), SCSP 5.2.9 (before MP6), DCS:SA 6.x (before 6.5 MP1) and 6.6...

Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced SQL Injection Vulnerabilities

Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are both security products from Symantec Corporation. SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security for physical...

Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced Arbitrary Code Execution Vulnerabilities

Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are both security products from Symantec Corporation. SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security for physical...

Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced Elevation of Privilege Vulnerabilities

Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are both security products from Symantec Corporation. SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security for physical...

Symantec Embedded Security:Critical System Protection and Symantec Data Center Security: Server Advanced Security Bypass Vulnerabilities

Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are both security products from Symantec Corporation. SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security for physical...

Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Adv

SUMMARY Symantec Embedded Security: Critical System Protection SES:CSP and Data Center Security: Server Advanced SDCS:SA were susceptible to security issues in the management server and deployed agents which could enable unauthorized elevated access, bypassing security protection on agents,...

Symantec Data Center Security - Multiple Vulnerabilities

Symantec Data Center Security: Server Advanced SDCS:SA and Symantec Critical System Protection SCSP suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities. ======================================================================= title:...

Symantec Critical System Protection 5.2.9.x < 5.2.9 MP6 Multiple Vulnerabilities (SYM15-001 / SYM16-009)

The version of Symantec Critical System Protection SCSP installed on the remote Windows host is 5.2.9.x prior to 5.2.9 MP6. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Management Server Agent Control Interface due to improper...

CVE-2014-9225

The ajaxswing webui in the management server in Symantec Critical System Protection SCSP 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors...

CVE-2014-7289

SQL injection vulnerability in the management server in Symantec Critical System Protection SCSP 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...