Storage Foundation
by Symantec
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-3566 | 0.03 | — | 0.01 | Nov 16, 2005 | Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8)… | |||
| CVE-2011-0547 | 0.01 | — | 0.07 | Aug 19, 2011 | Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for… | |||
| CVE-2009-3027 | 0.01 | — | 0.11 | Dec 11, 2009 | VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage… | |||
| CVE-2008-3703 | 0.01 | — | 0.12 | Aug 18, 2008 | The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to… | |||
| CVE-2020-36166 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the… | |||
| CVE-2019-18780 | 0.00 | — | 0.06 | Nov 5, 2019 | An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance… | |||
| CVE-2007-4516 | 0.00 | — | 0.01 | Feb 21, 2008 | The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets. | |||
| CVE-2008-0638 | 0.00 | — | 0.06 | Feb 21, 2008 | Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for… | |||
| CVE-2007-2279 | 0.00 | — | 0.06 | Jun 4, 2007 | The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under… |
- CVE-2005-3566Nov 16, 2005risk 0.03cvss —epss 0.01
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8)…
- CVE-2011-0547Aug 19, 2011risk 0.01cvss —epss 0.07
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for…
- CVE-2009-3027Dec 11, 2009risk 0.01cvss —epss 0.11
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage…
- CVE-2008-3703Aug 18, 2008risk 0.01cvss —epss 0.12
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to…
- CVE-2020-36166Jan 6, 2021risk 0.00cvss —epss 0.00
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the…
- CVE-2019-18780Nov 5, 2019risk 0.00cvss —epss 0.06
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance…
- CVE-2007-4516Feb 21, 2008risk 0.00cvss —epss 0.01
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
- CVE-2008-0638Feb 21, 2008risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for…
- CVE-2007-2279Jun 4, 2007risk 0.00cvss —epss 0.06
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under…