Csapi Security Vulnerabilities and Issues — Csapi CVE List

SymantecCsapi

9 matches found

CVE•added 2016/06/30 11:0 p.m.•65 views

CVE-2016-2211

MODE C: The connected Nessus/OpenVAS entries describe CVE-2016-2211 as part of a set of vulnerabilities in Symantec products (notably the Decomposer/UNPACK engine and related parsers) affecting multiple versions of Symantec Protection for SharePoint Servers, Protection Engine, Web Gateway, and re...

9.3CVSS7.7AI score0.53402EPSS

CVE•added 2016/06/30 11:0 p.m.•64 views

CVE-2016-3644

CVE-2016-3644 is a vulnerability in the Norton/Symantec decomposer/mime-parsing path (CMIMEParser::UpdateHeader) that can be triggered by specially crafted MIME data, potentially leading to memory corruption, a denial of service, or arbitrary code execution. The linked Nessus/OpenVAS entries tie ...

10CVSS7.8AI score0.17739EPSS

CVE•added 2016/06/30 11:0 p.m.•63 views

CVE-2016-2209

CVE-2016-2209 is a stack-based buffer overflow in Symantec products, notably in the PPT handling path (Dec2LHA.dll) of Symantec Protection for SharePoint Servers (versions 6.0.x up to HF1.6) and related Symantec Protection Engine deployments. It arises from improper validation of user-supplied PP...

9CVSS7.7AI score0.20891EPSS

CVE•added 2016/06/30 11:0 p.m.•62 views

CVE-2016-3646

CVE-2016-3646 affects the Decompressor (UnShrink/ZIP handling) in Symantec Norton/Norton Security and related products across the Symantec stack (including ATP, SDCS:S, Web Gateway, SEP on multiple platforms, SPE, SPSS, SMSMSE, SMSDOM, CSAPI, SMG/SMG-SP, Norton for Mac/Windows, NPE, NBRT). The is...

10CVSS7.7AI score0.17739EPSS

CVE•added 2016/06/30 11:0 p.m.•61 views

CVE-2016-2207

The CVE-2016-2207 family is associated with multiple Symantec products (Norton/Norton AntiVirus/Norton Internet Security/Norton 360, SEP, SPE, SMSMSE, SMSDOM, SPSS, SWG, and related protection engines) and third-party components (Unpack ShortLZ in UnRAR, Dec2LHA, libmspack, MIME parsing, TNEF, ZI...

10CVSS7.7AI score0.18101EPSS

CVE•added 2017/04/14 6:0 p.m.•61 views

CVE-2016-5310

CVE-2016-5310 covers a denial-of-service memory-corruption issue in the RAR file parser/decompressor across Symantec products (ATP, various SEP variants, SPE, SMSG, SMSDOM, SPSS, SMSMSE, SEPC, SEPC, etc.). The root cause is mishandling of crafted RAR archives in the decompression path, leading to...

5.5CVSS5.1AI score0.05307EPSS

CVE•added 2017/04/14 6:0 p.m.•59 views

CVE-2016-5309

CVE-2016-5309 is a DoS in the RAR file parser of Symantec’s decomposer engines across multiple products (ATP/NS/SEPs/SPE/SMG family). The root cause is an out-of-bounds read during RAR decompression, allowing remote attackers to crash affected applications via specially crafted RAR files. A close...

5.5CVSS5.1AI score0.06877EPSS

CVE•added 2016/06/30 11:0 p.m.•57 views

CVE-2016-2210

CVE-2016-2210 is described in connected advisories as a buffer overflow in the Dec2LHA.dll (CSymLHA::get_header) used by Symantec Norton/Norton-related decomposer engines to decompress LZH/LHA archives. The vulnerability affects multiple Symantec products (e.g., Protection Engine, Protection for ...

9CVSS7.7AI score0.11372EPSS

CVE•added 2016/06/30 11:0 p.m.•52 views

CVE-2016-3645

CVE-2016-3645 is an integer overflow in the TNEF data handling of the Decomposer engine (Attachment::setDataFromAttachment in Dec2TNEF.dll). A remote attacker could craft TNEF data to trigger a denial of service or arbitrary code execution. Affected products include various Symantec security prod...

10CVSS7.2AI score0.24614EPSS