9 matches found
OpenSSH Vulnerabilities Jan-Aug 2018
SUMMARY Symantec Network Protection products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can obtain usernames for valid SSH users and cause denial of service through application crashes. AFFECTED PRODUC...
Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018
SUMMARY Symantec Network Protection products using affected versions of Apache httpd are susceptible to multiple security vulnerabilities. A remote attacker can obtain sensitive information, bypass intended security restrictions, modify session information in CGI applications, replay authenticate...
OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...
SA160: Return of the Bleichenbacher Oracle Threat (ROBOT)
SUMMARY Symantec Network Protection products using affected SSL/TLS server implementations and RSA key exchange are susceptible to a variation of the Bleichenbacher adaptive chosen ciphertext attack. A remote attacker, who has captured a pre-recorded encrypted SSL session to the target, can...
SA165: NTP Vulnerabilities February 2018
SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target fro...
SA159: OpenSSL Vulnerabilities 7-Dec-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to two security vulnerabilities. A remote attacker can obtain Diffie-Hellman private key information and sensitive information accidentally transmitted in plaintext over an SSL/TLS connection. AFFECTED...
SA153: NSS Vulnerabilities Apr-May 2017
SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to two security vulnerabilities. A remote attacker can send empty SSLv2 messages and cause denial of service through application crashes. An attacker can also have unspecified impact by exploiting a...
SA148: Linux Kernel Vulnerabilities Feb-Apr 2017
SUMMARY Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to execute arbitrary code. The attacker can also cause deni...
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...