Brightmail Antispam
by Symantec
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0671 | 0.03 | — | 0.03 | Aug 6, 2004 | Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request. | |||
| CVE-2005-0249 | 0.02 | — | 0.19 | Feb 8, 2005 | Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | |||
| CVE-2008-4564 | 0.01 | — | 0.07 | Mar 18, 2009 | Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute… | |||
| CVE-2007-3699 | 0.00 | — | 0.04 | Oct 5, 2007 | The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. | |||
| CVE-2007-0447 | 0.00 | — | 0.06 | Oct 5, 2007 | Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. | |||
| CVE-2006-4013 | 0.00 | — | 0.04 | Aug 7, 2006 | Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and… | |||
| CVE-2006-4014 | 0.00 | — | 0.02 | Aug 7, 2006 | Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | |||
| CVE-2005-4695 | 0.00 | — | 0.03 | Dec 31, 2005 | Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages. | |||
| CVE-2005-1867 | 0.00 | — | 0.02 | Jun 9, 2005 | Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges. | |||
| CVE-2004-1768 | 0.00 | — | 0.02 | Dec 17, 2004 | The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters. |
- CVE-2004-0671Aug 6, 2004risk 0.03cvss —epss 0.03
Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request.
- CVE-2005-0249Feb 8, 2005risk 0.02cvss —epss 0.19
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
- CVE-2008-4564Mar 18, 2009risk 0.01cvss —epss 0.07
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute…
- CVE-2007-3699Oct 5, 2007risk 0.00cvss —epss 0.04
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
- CVE-2007-0447Oct 5, 2007risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
- CVE-2006-4013Aug 7, 2006risk 0.00cvss —epss 0.04
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and…
- CVE-2006-4014Aug 7, 2006risk 0.00cvss —epss 0.02
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
- CVE-2005-4695Dec 31, 2005risk 0.00cvss —epss 0.03
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.
- CVE-2005-1867Jun 9, 2005risk 0.00cvss —epss 0.02
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
- CVE-2004-1768Dec 17, 2004risk 0.00cvss —epss 0.02
The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters.