Lucene search
K
SymantecAltiris Deployment Solution

24 matches found

CVE
CVE
added 2009/03/18 3:0 p.m.135 views

CVE-2008-4564

A stack-based buffer overflow in Autonomy KeyView SDK wp6sr.dll (WordPerfect document parser) allows remote code execution. The CVE-2008-4564 issue affects IBM Lotus Notes (and other products using KeyView), caused by unbounded copying of records into a fixed-size stack buffer when processing WPD...

9.3CVSS7.7AI score0.06757EPSS
CVE
CVE
added 2009/11/25 4:0 p.m.65 views

CVE-2009-3033

CVE-2009-3033 describes a stack-based buffer overflow in the RunCmd method of AeXNSConsoleUtilities.dll (Altiris eXpress NS Console Utilities ActiveX control) used by Symantec Altiris Deployment Solution, Altiris Notification Server, and Symantec Management Platform. The vulnerability allows remo...

9.3CVSS7.6AI score0.39967EPSS
CVE
CVE
added 2011/03/07 8:0 p.m.63 views

CVE-2009-3028

The CVE-2009-3028 entry concerns Symantec Altiris components (AeXNSPkgDLLib.dll) used in Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Management Platform 7.0.x. The AeXNSPkgDL.1 ActiveX control exposes an unsafe method, DownloadAndInstall, which can be abused to force the dow...

6.8CVSS7.7AI score0.42598EPSS
CVE
CVE
added 2009/09/08 11:0 p.m.63 views

CVE-2009-3109

CVE-2009-3109 affects Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430. The AClient agent, when key-based authentication is used, can be bypassed by spoofing the deployment server and issuing alternate commands before the handshake, allowing arbitrary commands to be executed ...

9.3CVSS8AI score0.03763EPSS
CVE
CVE
added 2009/11/03 4:0 p.m.61 views

CVE-2009-3031

The CVE-2009-3031 issue is a stack-based buffer overflow in the BrowseAndSaveFile() method of the AeXNSConsoleUtilities.dll (6.0.0.1846) ActiveX control used by Symantec Altiris Notification Server, Deployment Solution, and SMP . A long string in the second argument can lead to remote code execut...

9.3CVSS7.7AI score0.45435EPSS
CVE
CVE
added 2009/09/08 11:0 p.m.61 views

CVE-2009-3108

CVE-2009-3108 affects Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430. The Aclient GUI is installed with insecure permissions (Everyone: Full Control), enabling local users to escalate privileges by replacing the client executable with a Trojan horse. Impact is local privile...

7.2CVSS6.7AI score0.00375EPSS
CVE
CVE
added 2009/09/11 8:0 p.m.60 views

CVE-2009-3178

Technical details about CVE-2009-3178 are not publicly available in the provided documents. The materials only reference an unspecified DoS claim for Symantec Altiris Deployment Solution 6.9; monitor for updates.

7.8CVSS6.9AI score0.02621EPSS
CVE
CVE
added 2008/05/18 2:0 p.m.58 views

CVE-2008-2286

CVE-2008-2286 describes an SQL injection in Symantec Altiris Deployment Solution (DS) via axengine.exe, affecting 6.8.x and 6.9.x before 6.9.176. The vulnerability allows remote execution of arbitrary SQL commands through crafted notification packets (Port 402/tcp), with network access and no aut...

7.5CVSS8.2AI score0.32678EPSS
Web
CVE
CVE
added 2007/08/16 6:0 p.m.57 views

CVE-2007-4380

CVE-2007-4380 affects Symantec Altiris Deployment Solution 6.x prior to 6.8 SP2 (build 6.8.378) where the Aclient Log File Viewer enables local users to gain SYSTEM privileges. The vulnerability is described as a local privilege escalation via the Log File Viewer in the Altiris client (aclient). ...

7.2CVSS6.4AI score0.0035EPSS
CVE
CVE
added 2007/11/06 7:0 p.m.56 views

CVE-2007-5838

CVE-2007-5838 affects Symantec Altiris Deployment Solution 6.x prior to 6.8.380.0. A local privilege escalation is possible because a local user can gain SYSTEM privileges via the browser option “Enable key-based authentication to Deployment server.” The description notes this is a different issu...

7.2CVSS6.5AI score0.00385EPSS
CVE
CVE
added 2009/09/08 11:0 p.m.55 views

CVE-2009-3107

Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430 is affected by CVE-2009-3107 due to improper access restriction on the DBManager service port. This allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to the DBManager. Mu...

4.8CVSS7.2AI score0.00967EPSS
CVE
CVE
added 2008/05/18 2:0 p.m.53 views

CVE-2008-2291

Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176 are affected by CVE-2008-2291 due to an insecure credential mechanism in axengine.exe. The service, listening on TCP port 402, generates domain credentials with a fixed salt or no salt at all, enabling remote attackers to guess...

7.5CVSS6.6AI score0.04193EPSS
CVE
CVE
added 2009/06/08 7:0 p.m.53 views

CVE-2008-6827

Affected software: Symantec Altiris Deployment Solution (Client GUI) with AClient.exe in 6.x before 6.9.355 SP1. Vulnerability: A local privilege escalation via the ListView control’s hidden GUI button (the “Shatter” style attack) allows overwriting the CommandLine parameter to cmd.exe to gain SY...

7.8CVSS7.9AI score0.01084EPSS
CVE
CVE
added 2009/09/08 11:0 p.m.53 views

CVE-2009-3110

CVE-2009-3110 affects Symantec Altiris Deployment Solution 6.9.x prior to 6.9 SP3 Build 430. A race condition in the file transfer functionality allows a remote attacker to intercept file transfers by connecting to the transfer port before the legitimate client, potentially reading sensitive file...

5.8CVSS6.7AI score0.01477EPSS
CVE
CVE
added 2009/09/11 8:0 p.m.52 views

CVE-2009-3179

Technical details are not publicly available in the provided documents; monitor for updates.

10CVSS7.9AI score0.05314EPSS
CVE
CVE
added 2008/03/24 10:0 p.m.51 views

CVE-2008-1473

The CVE affects the Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164, allowing local users to gain privileges via a Shatter-style attack. Root cause is a privilege-escalation path in AClient.exe; impact is local privilege elevation. Mitigation: upg...

7.2CVSS6.5AI score0.00391EPSS
CVE
CVE
added 2009/06/08 7:0 p.m.50 views

CVE-2008-6828

CVE-2008-6828 affects Symantec Altiris Deployment Solution (6.x) prior to 6.9.355 SP1. Affected component: Application Identity Account handling; root cause: the Application Identity Account password is stored in memory in cleartext, enabling a local attacker to glean credentials and gain privile...

7.8CVSS7.7AI score0.00248EPSS
CVE
CVE
added 2008/04/11 8:28 p.m.48 views

CVE-2008-1754

The CVE-2008-1754 issue affects Symantec Altiris Deployment Solution before 6.9.164, where the Deployment Solution Agent (AClient) password is stored in cleartext in memory. This allows a local attacker to obtain sensitive credentials by dumping the aclient.exe process memory, leading to potentia...

1.7CVSS5.9AI score0.00309EPSS
CVE
CVE
added 2008/05/18 2:0 p.m.48 views

CVE-2008-2287

Affected product: Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176. Issue: insufficient protection of the install directory may allow a local user to gain privileges by replacing an application component with a Trojan horse. Documented impact: local privilege escalation with ...

7.2CVSS6.5AI score0.0035EPSS
CVE
CVE
added 2008/05/18 2:0 p.m.48 views

CVE-2008-2289

The CVE-2008-2289 entry concerns Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176. A vulnerability in a tooltip element enables local users to gain privileges via unspecified attack vectors. Connected documents corroborate the issue as part of multiple local vulnerabilities a...

7.2CVSS6.4AI score0.0035EPSS
CVE
CVE
added 2008/05/18 2:0 p.m.48 views

CVE-2008-2290

CVE-2008-2290 affects Symantec Altiris Deployment Solution Agent in 6.8.x and 6.9.x prior to 6.9.176. It is described as an unspecified local privilege escalation via the Agent user interface, with a CVSS v2 base score of 7.2 (LOCAL attack vector, HIGH impact). Public references note multiple loc...

7.2CVSS6.5AI score0.0035EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.48 views

CVE-2010-0109

CVE-2010-0109 affects Symantec/Altiris Deployment Solution 6.9.x prior to DS 6.9 SP4. The DBManager component can crash via a crafted CreateSession or PXEManagerSignOn request, yielding a remote DoS. Exploitation potential is described as remote and network-adjacent, with impact on availability (...

6.5CVSS6.2AI score0.00854EPSS
CVE
CVE
added 2007/10/18 8:0 p.m.45 views

CVE-2007-5555

Technical details for CVE-2007-5555 are not publicly available in the provided documents; no affected products, root cause, impact or fix are disclosed. Monitor for updates.

6.9CVSS6.7AI score0.00328EPSS
CVE
CVE
added 2008/05/18 2:0 p.m.44 views

CVE-2008-2288

Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, enabling local users to cause a denial of service or obtain sensitive information. This CVE (CVE-2008-2288) is documented in NVD and related Nessus e...

3.6CVSS6.5AI score0.00341EPSS