10 matches found
CVE-2017-6327
CVE-2017-6327 affects Symantec Messaging Gateway prior to 10.6.3-267, with unauthenticated remote code execution through the web interface. Reports describe a pre-auth flaw (RestoreAction/web login handling) enabling arbitrary command execution with root privileges on affected appliances, exposed...
CVE-2019-12751
Symantec Messaging Gateway (SMG) before version 10.7.1 is affected by a privilege-escalation vulnerability. The issue allows an attacker to gain elevated privileges within the application, as described in vendor advisories and security feeds. Remediation provided by the vendor is to upgrade to SM...
CVE-2017-6328
CVE-2017-6328 affects Symantec Messaging Gateway before 10.6.3-267. The vulnerability is a cross-site request forgery (CSRF/XSRF) flaw where authenticated actions (e.g., logout) can be triggered by forged requests without multi-step tokens. Public sources (NVD, Nessus/SA plug-in, OpenVAS entry, E...
CVE-2016-2209
CVE-2016-2209 is a stack-based buffer overflow in Symantec products, notably in the PPT handling path (Dec2LHA.dll) of Symantec Protection for SharePoint Servers (versions 6.0.x up to HF1.6) and related Symantec Protection Engine deployments. It arises from improper validation of user-supplied PP...
CVE-2016-2211
MODE C: The connected Nessus/OpenVAS entries describe CVE-2016-2211 as part of a set of vulnerabilities in Symantec products (notably the Decomposer/UNPACK engine and related parsers) affecting multiple versions of Symantec Protection for SharePoint Servers, Protection Engine, Web Gateway, and re...
CVE-2016-3644
CVE-2016-3644 is a vulnerability in the Norton/Symantec decomposer/mime-parsing path (CMIMEParser::UpdateHeader) that can be triggered by specially crafted MIME data, potentially leading to memory corruption, a denial of service, or arbitrary code execution. The linked Nessus/OpenVAS entries tie ...
CVE-2016-2207
The CVE-2016-2207 family is associated with multiple Symantec products (Norton/Norton AntiVirus/Norton Internet Security/Norton 360, SEP, SPE, SMSMSE, SMSDOM, SPSS, SWG, and related protection engines) and third-party components (Unpack ShortLZ in UnRAR, Dec2LHA, libmspack, MIME parsing, TNEF, ZI...
CVE-2016-3646
CVE-2016-3646 affects the Decompressor (UnShrink/ZIP handling) in Symantec Norton/Norton Security and related products across the Symantec stack (including ATP, SDCS:S, Web Gateway, SEP on multiple platforms, SPE, SPSS, SMSMSE, SMSDOM, CSAPI, SMG/SMG-SP, Norton for Mac/Windows, NPE, NBRT). The is...
CVE-2016-2210
CVE-2016-2210 is described in connected advisories as a buffer overflow in the Dec2LHA.dll (CSymLHA::get_header) used by Symantec Norton/Norton-related decomposer engines to decompress LZH/LHA archives. The vulnerability affects multiple Symantec products (e.g., Protection Engine, Protection for ...
CVE-2016-3645
CVE-2016-3645 is an integer overflow in the TNEF data handling of the Decomposer engine (Attachment::setDataFromAttachment in Dec2TNEF.dll). A remote attacker could craft TNEF data to trigger a denial of service or arbitrary code execution. Affected products include various Symantec security prod...