Lucene search
K
SymantecMessage Gateway

10 matches found

CVE
CVE
added 2017/08/11 8:0 p.m.921 views

CVE-2017-6327

CVE-2017-6327 affects Symantec Messaging Gateway prior to 10.6.3-267, with unauthenticated remote code execution through the web interface. Reports describe a pre-auth flaw (RestoreAction/web login handling) enabling arbitrary command execution with root privileges on affected appliances, exposed...

8.8CVSS8.8AI score0.35341EPSS
In wildWeb
CVE
CVE
added 2019/07/11 8:1 p.m.236 views

CVE-2019-12751

Symantec Messaging Gateway (SMG) before version 10.7.1 is affected by a privilege-escalation vulnerability. The issue allows an attacker to gain elevated privileges within the application, as described in vendor advisories and security feeds. Remediation provided by the vendor is to upgrade to SM...

9.8CVSS9.7AI score0.02282EPSS
CVE
CVE
added 2017/08/11 8:0 p.m.78 views

CVE-2017-6328

CVE-2017-6328 affects Symantec Messaging Gateway before 10.6.3-267. The vulnerability is a cross-site request forgery (CSRF/XSRF) flaw where authenticated actions (e.g., logout) can be triggered by forged requests without multi-step tokens. Public sources (NVD, Nessus/SA plug-in, OpenVAS entry, E...

8.8CVSS8.6AI score0.02139EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.68 views

CVE-2016-2209

CVE-2016-2209 is a stack-based buffer overflow in Symantec products, notably in the PPT handling path (Dec2LHA.dll) of Symantec Protection for SharePoint Servers (versions 6.0.x up to HF1.6) and related Symantec Protection Engine deployments. It arises from improper validation of user-supplied PP...

9CVSS7.7AI score0.20891EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.68 views

CVE-2016-2211

MODE C: The connected Nessus/OpenVAS entries describe CVE-2016-2211 as part of a set of vulnerabilities in Symantec products (notably the Decomposer/UNPACK engine and related parsers) affecting multiple versions of Symantec Protection for SharePoint Servers, Protection Engine, Web Gateway, and re...

9.3CVSS7.7AI score0.53402EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.66 views

CVE-2016-3644

CVE-2016-3644 is a vulnerability in the Norton/Symantec decomposer/mime-parsing path (CMIMEParser::UpdateHeader) that can be triggered by specially crafted MIME data, potentially leading to memory corruption, a denial of service, or arbitrary code execution. The linked Nessus/OpenVAS entries tie ...

10CVSS7.8AI score0.17739EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.64 views

CVE-2016-2207

The CVE-2016-2207 family is associated with multiple Symantec products (Norton/Norton AntiVirus/Norton Internet Security/Norton 360, SEP, SPE, SMSMSE, SMSDOM, SPSS, SWG, and related protection engines) and third-party components (Unpack ShortLZ in UnRAR, Dec2LHA, libmspack, MIME parsing, TNEF, ZI...

10CVSS7.7AI score0.18101EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.64 views

CVE-2016-3646

CVE-2016-3646 affects the Decompressor (UnShrink/ZIP handling) in Symantec Norton/Norton Security and related products across the Symantec stack (including ATP, SDCS:S, Web Gateway, SEP on multiple platforms, SPE, SPSS, SMSMSE, SMSDOM, CSAPI, SMG/SMG-SP, Norton for Mac/Windows, NPE, NBRT). The is...

10CVSS7.7AI score0.17739EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.60 views

CVE-2016-2210

CVE-2016-2210 is described in connected advisories as a buffer overflow in the Dec2LHA.dll (CSymLHA::get_header) used by Symantec Norton/Norton-related decomposer engines to decompress LZH/LHA archives. The vulnerability affects multiple Symantec products (e.g., Protection Engine, Protection for ...

9CVSS7.7AI score0.11372EPSS
CVE
CVE
added 2016/06/30 11:0 p.m.56 views

CVE-2016-3645

CVE-2016-3645 is an integer overflow in the TNEF data handling of the Decomposer engine (Attachment::setDataFromAttachment in Dec2TNEF.dll). A remote attacker could craft TNEF data to trigger a denial of service or arbitrary code execution. Affected products include various Symantec security prod...

10CVSS7.2AI score0.24614EPSS