Symantec

All CVEs

788 total · sorted by risk
  • CVE-2024-33673 · Apr 26, 2024
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

  • CVE-2024-33671 · Apr 26, 2024
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.

  • CVE-2024-28222 · Mar 7, 2024
    risk 0.00 · cvss · epss 0.01

    In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

  • CVE-2024-27283 · Feb 22, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.

  • CVE-2024-23617 · Jan 25, 2024
    risk 0.00 · cvss · epss 0.02

    A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.

  • CVE-2024-23614 · Jan 25, 2024
    risk 0.00 · cvss · epss 0.02

    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

  • CVE-2023-23958 · Sep 26, 2023
    risk 0.00 · cvss · epss 0.01

    Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.

  • CVE-2023-40256 · Aug 11, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting…

  • CVE-2023-21994 · Jul 18, 2023
    risk 0.00 · cvss · epss 0.00

    Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the…

  • CVE-2023-38404 · Jul 17, 2023
    risk 0.00 · cvss · epss 0.01

    The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.

  • CVE-2023-37237 · Jun 29, 2023
    risk 0.00 · cvss · epss 0.01

    In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

  • CVE-2023-32568 · May 10, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with…

  • CVE-2023-32569 · May 10, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to…

  • CVE-2023-26789 · Apr 5, 2023
    risk 0.00 · cvss · epss 0.00

    Veritas NetBackup OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's…

  • CVE-2023-28818 · Mar 24, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable…

  • CVE-2023-28758 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.

  • CVE-2023-28759 · Mar 23, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.

  • CVE-2022-25631 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.00

    Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated

  • CVE-2022-46414 · Dec 4, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

  • CVE-2022-46413 · Dec 4, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.

  • CVE-2022-46410 · Dec 4, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.

  • CVE-2022-46411 · Dec 4, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.

  • CVE-2022-46412 · Dec 4, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.

  • CVE-2022-37016 · Dec 1, 2022
    risk 0.00 · cvss · epss 0.01

    Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…

  • CVE-2022-38166 · Nov 25, 2022
    risk 0.00 · cvss · epss 0.01

    In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service.

  • CVE-2022-45461 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

  • CVE-2022-42299 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.

  • CVE-2022-42300 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)

  • CVE-2022-42301 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.

  • CVE-2022-42302 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.

  • CVE-2022-42303 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.

  • CVE-2022-42304 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

  • CVE-2022-42305 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.

  • CVE-2022-42306 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.

  • CVE-2022-42307 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.

  • CVE-2022-42308 · Oct 3, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.

  • CVE-2022-41320 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.01

    Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that…

  • CVE-2022-41319 · Sep 23, 2022
    risk 0.00 · cvss · epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).

  • CVE-2022-1700 · Sep 12, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security…

  • CVE-2022-36984 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service…

  • CVE-2022-36985 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially…

  • CVE-2022-36986 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary…

  • CVE-2022-36987 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup…

  • CVE-2022-36988 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or…

  • CVE-2022-36989 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on…

  • CVE-2022-36990 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to…

  • CVE-2022-36991 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a…

  • CVE-2022-36992 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on…

  • CVE-2022-36993 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on…

  • CVE-2022-36994 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a…
