6867 matches found
Symantec Security Advisory for Log4j Vulnerability
Summary Symantec products may be susceptible to a flaw in the Apache Log4j 2 library JNDI lookup mechanism. A remote attacker, who can trigger Log4j to log crafted malicious strings, can execute arbitrary code on the target system. Affected Products The following products and product versions are...
Authentication Bypass in ASG and ProxySG
Summary The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...
Symantec Security Update
Symantec Endpoint Protection, Data Center Security and Cloud Workload Protection Security Update Summary Symantec - A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection Manager SEPM, Symantec Endpoint Protection SEP, Data Center...
OS Command Injection in Security Analytics
Summary The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges. Affected Products The following...
OpenSSL Vulnerabilities Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to two vulnerabilities. A remote attacker may be able to cause denial of service through application crashes. An application may successfully validate an invalid X.509 certificate...
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source...
OpenSSL Vulnerabilities Sep 2020 - Feb 2021
Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A remote attacker may be able to decrypt encrypted communication from an SSL/TLS connection, downgrade a newly established SSL/TLS connection to SSLv2,...
Linux Kernel CVE-2019-5108 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Linux kernel 5.3 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11...
Privilege Escalation and Information Disclosure Vulnerabilities in SMG
Summary Symantec Messaging Gateway SMG is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwi...
Symantec Endpoint Detection & Response Security Update
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Products Symantec Endpoint Detection & Response SEDR --- CVE | Affected Version | Remediation CVE-2020-12593 | Prior to 4.5...
SEDR Information Disclosure
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Product Symantec Endpoint Detection and Response SEDR --- CVE | Affected Versions | Remediation CVE-2020-5839 | Prior to 4....
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
Summary Symantec Web Security Group WSG products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perfo...
OpenSSL Vulnerabilities Sep 2019 – Apr 2020
Summary Symantec Web Security Group WSG products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A local or remote attacker can obtain private key or other secret key information. A remote attacker can also cause denial of service. Affected Products The followin...
IT Analytics XSS
Summary Symantec has released an update to address an issue that was discovered in the IT Analytics product. Affected Products IT Analytics --- CVE | Affected Versions | Remediation CVE-2020-5838 | Prior to 2.9.1 | Upgrade to 2.9.1 Issue Details CVE-2020-5838 --- Severity/CVSSv3: | Medium / 4.3...
Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020
Summary Symantec SWG products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker can execute arbitrary code on the target host, hijack an authenticated Tomcat user's session, redirect a Tomcat user to an arbitrary URL, execute arbitrary...
Symantec Endpoint Protection Security Update
Summary Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP and Symantec Endpoint Protection Manager SEPM products. Affected Products Symantec Endpoint Protection Manager SEPM --- CVE | Affected Versions | Remediatio...
Nginx Vulnerabilities Jul 2017 - Oct 2019
Summary Symantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service ...
OpenSSH Vulnerabilities Jan-Oct 2019
Summary Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle MITM attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes...
Session Hijacking Vulnerability in ProxySG and ASG
Summary The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Affected Products Advanced Secure...
CSRF Token Information Disclosure in MC
Summary The Management Center MC web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...
Data Center Security Privilege Escalation
Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...
Symantec Endpoint Protection Multiple Issues
Summary Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP, Symantec Endpoint Protection Manager SEPM, and Symantec Endpoint Protection Small Business Edition SEP SBE products. At this time, Symantec is not aware of any exploitations or...
Microsoft Windows Search Indexer CVE-2020-0623 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Oracle Siebel CRM Cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Siebel CRM is prone to multiple remote security vulnerabilities. These vulnerabilities affect the 'EAI' and 'SWSE Server' components and can be exploited over the 'HTTP' protocol. These vulnerabilities affect the following supported versions: 19.10 and prior Technologies Affect...
Microsoft Dynamics 365 CVE-2020-0656 Cross Site Scripting Vulnerability
Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Oracle Financial Services Analytical Applications Infrastructure Remote Security Vulnerability
Description Oracle Financial Services Analytical Applications Infrastructure is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Object Migration' component is affected. This vulnerability affects the following supported versions: 8.0.4...
Oracle PeopleSoft Enterprise CC Common Application Objects Remote Security Vulnerability
Description Oracle PeopleSoft Enterprise CC Common Application Objects is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Approval Framework' component is affected. This vulnerability affects the following supported versions: 9.1, 9.2 Technologie...
Oracle Banking Corporate Lending cpujan2020 Multiple Security Vulnerabilities
Description Oracle Banking Corporate Lending is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Core module' component is affected. These vulnerabilities affect the following supported versions: 12.3.0 through 12.4.0, 14.0.0 throug...
Oracle Retail Customer Management and Segmentation Foundation Multiple Security Vulnerabilities
Description Oracle Retail Customer Management and Segmentation Foundation is prone to multiple security vulnerabilities. The 'Internal Operations' component is affected. These vulnerabilities affect the following supported versions: 16.0 Technologies Affected Oracle Retail Customer Management and...
Oracle Financial Services Revenue Management and Billing Remote Security Vulnerability
Description Oracle Financial Services Revenue Management and Billing is prone to a remote security vulnerability. The vulnerability can be exploited over 'HTTP' protocol. The 'File Upload' sub component is affected. This vulnerability affects the following supported versions: 2.7.0.0, 2.7.0.1,...
Microsoft Windows Search Indexer CVE-2020-0631 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows Graphics Components CVE-2020-0607 Information Disclosure Vulnerability
Description Microsoft Windows is prone to a information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 160...
SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability
Description SAP NetWeaver Process Integration is prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Oracle Primavera P6 Enterprise Project Portfolio Management Remote Security Vulnerability
Description Oracle Primavera P6 Enterprise Project Portfolio Management is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web Access' component is affected. This vulnerability affects the following supported versions: 15.1.0.0 through...
Oracle GraalVM Enterprise Edition CVE-2020-2581 Local Security Vulnerability
Description Oracle GraalVM Enterprise Edition is prone to a local security vulnerability. The 'LLVM Interpreter' component is affected. This vulnerability affects the following supported versions: 19.3.0.2 Technologies Affected Oracle GraalVM Enterprise Edition 19.3.0.2 Recommendations Block...
Oracle Java SE CVE-2020-2654 Remote Security Vulnerability
Description Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' component. This vulnerability affects the following supported versions: Java SE: 7u241, 8u231, 11.0.5, 13.0.1 Technologies Affecte...
Microsoft Office CVE-2020-0652 Memory Corruption Vulnerability
Description Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows Search Indexer CVE-2020-0628 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows Common Log File System CVE-2020-0634 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Microsoft Windows GDI+ Component CVE-2020-0643 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
Microsoft Windows Search Indexer CVE-2020-0629 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows Search Indexer CVE-2020-0613 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Oracle Database Server cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Database Server is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over 'OracleNet' protocol. The 'Database Gateway for ODBC' component is affected. These vulnerabilities affect the following supported versions: 11.2.0.4, 12.1.0.2,...
Oracle MySQL Client cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle MySQL Client is prone to multiple remote security vulnerabilities in 'C API' component. These vulnerabilities can be exploited over the 'MySQL' protocol. These vulnerabilities affect the following supported versions: 5.7.28 and prior, 8.0.18 and prior Technologies Affected Orac...
Oracle Identity Manager CVE-2020-2728 Remote Security Vulnerability
Description Oracle Identity Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'OIM - LDAP user and role Synch' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0 Technologies Affected...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'HTTPS' protocol. The 'Message Display', 'Shopping Cart', 'Others', 'Call Phone Number Page', 'Wireless' components are affected. These vulnerabilities affect the followi...
Oracle Enterprise Manager Base Platform cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Enterprise Manager Base Platform is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over HTTP protocol. The 'Enterprise Config Management', 'Application Service Level Mgmt, 'Cloud Control Manager - OMS', 'Configuration Standard...
Oracle VM VirtualBox Cpujan2020 Multiple Local Security Vulnerabilities
Description Oracle VM VirtualBox is prone to multiple local security vulnerabilities in the 'Core' component. An attacker can exploit these issues to perform unauthorized actions. This may aid in launching further attacks. These vulnerabilities affect the following supported versions: Prior to...
Oracle E-Business Suite cpujan2020 Multiple Security Vulnerabilities
Description Oracle E-Business Suite is prone to multiple security vulnerabilities in 'Human Resources' product. These vulnerabilities affect the following supported versions: 12.1.1 through 12.1.3, 12.2.3 through 12.2.9 Technologies Affected Oracle E-Business Suite 12.1.1 Oracle E-Business Suite...
Adobe Experience Manager APSB20-01 Multiple Cross Site Scripting Vulnerabilities
Description Adobe Experience Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...