Vendor CVEs
Symantec
All CVEs
788 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-33673 | 0.00 | — | 0.00 | Apr 26, 2024 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | |||
| CVE-2024-33671 | 0.00 | — | 0.00 | Apr 26, 2024 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | |||
| CVE-2024-28222 | 0.00 | — | 0.01 | Mar 7, 2024 | In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | |||
| CVE-2024-27283 | 0.00 | — | 0.01 | Feb 22, 2024 | A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. | |||
| CVE-2024-23617 | 0.00 | — | 0.02 | Jan 25, 2024 | A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | |||
| CVE-2024-23614 | 0.00 | — | 0.02 | Jan 25, 2024 | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | |||
| CVE-2023-23958 | 0.00 | — | 0.01 | Sep 26, 2023 | Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | |||
| CVE-2023-40256 | 0.00 | — | 0.00 | Aug 11, 2023 | A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting… | |||
| CVE-2023-21994 | 0.00 | — | 0.00 | Jul 18, 2023 | Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the… | |||
| CVE-2023-38404 | 0.00 | — | 0.01 | Jul 17, 2023 | The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. | |||
| CVE-2023-37237 | 0.00 | — | 0.01 | Jun 29, 2023 | In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. | |||
| CVE-2023-32568 | 0.00 | — | 0.01 | May 10, 2023 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with… | |||
| CVE-2023-32569 | 0.00 | — | 0.01 | May 10, 2023 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to… | |||
| CVE-2023-26789 | 0.00 | — | 0.00 | Apr 5, 2023 | Veritas NetBackup OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's… | |||
| CVE-2023-28818 | 0.00 | — | 0.00 | Mar 24, 2023 | An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable… | |||
| CVE-2023-28758 | 0.00 | — | 0.00 | Mar 23, 2023 | An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | |||
| CVE-2023-28759 | 0.00 | — | 0.00 | Mar 23, 2023 | An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. | |||
| CVE-2022-25631 | 0.00 | — | 0.00 | Jan 20, 2023 | Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | |||
| CVE-2022-46414 | 0.00 | — | 0.01 | Dec 4, 2022 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. | |||
| CVE-2022-46413 | 0.00 | — | 0.01 | Dec 4, 2022 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. | |||
| CVE-2022-46410 | 0.00 | — | 0.01 | Dec 4, 2022 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. | |||
| CVE-2022-46411 | 0.00 | — | 0.01 | Dec 4, 2022 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. | |||
| CVE-2022-46412 | 0.00 | — | 0.01 | Dec 4, 2022 | An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. | |||
| CVE-2022-37016 | 0.00 | — | 0.01 | Dec 1, 2022 | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an… | |||
| CVE-2022-38166 | 0.00 | — | 0.01 | Nov 25, 2022 | In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | |||
| CVE-2022-45461 | 0.00 | — | 0.01 | Nov 17, 2022 | The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | |||
| CVE-2022-42299 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. | |||
| CVE-2022-42300 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) | |||
| CVE-2022-42301 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | |||
| CVE-2022-42302 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | |||
| CVE-2022-42303 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | |||
| CVE-2022-42304 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | |||
| CVE-2022-42305 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | |||
| CVE-2022-42306 | 0.00 | — | 0.00 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. | |||
| CVE-2022-42307 | 0.00 | — | 0.01 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. | |||
| CVE-2022-42308 | 0.00 | — | 0.00 | Oct 3, 2022 | An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. | |||
| CVE-2022-41320 | 0.00 | — | 0.01 | Sep 23, 2022 | Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that… | |||
| CVE-2022-41319 | 0.00 | — | 0.00 | Sep 23, 2022 | A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). | |||
| CVE-2022-1700 | 0.00 | — | 0.01 | Sep 12, 2022 | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security… | |||
| CVE-2022-36984 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service… | |||
| CVE-2022-36985 | 0.00 | — | 0.00 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially… | |||
| CVE-2022-36986 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary… | |||
| CVE-2022-36987 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup… | |||
| CVE-2022-36988 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or… | |||
| CVE-2022-36989 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on… | |||
| CVE-2022-36990 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to… | |||
| CVE-2022-36991 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a… | |||
| CVE-2022-36992 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on… | |||
| CVE-2022-36993 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on… | |||
| CVE-2022-36994 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a… |