Vendor CVEs
Symantec
All CVEs
788 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36995 | 0.00 | — | 0.00 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a… | |||
| CVE-2022-36996 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to… | |||
| CVE-2022-36997 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include… | |||
| CVE-2022-36998 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer… | |||
| CVE-2022-36999 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely… | |||
| CVE-2022-37000 | 0.00 | — | 0.01 | Jul 28, 2022 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely… | |||
| CVE-2022-36948 | 0.00 | — | 0.00 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36949 | 0.00 | — | 0.00 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36950 | 0.00 | — | 0.01 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36951 | 0.00 | — | 0.01 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36952 | 0.00 | — | 0.00 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36953 | 0.00 | — | 0.01 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36954 | 0.00 | — | 0.01 | Jul 27, 2022 | In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||
| CVE-2022-36955 | 0.00 | — | 0.00 | Jul 27, 2022 | In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. | |||
| CVE-2022-36956 | 0.00 | — | 0.00 | Jul 27, 2022 | In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. | |||
| CVE-2022-34901 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The… | |||
| CVE-2022-34900 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific… | |||
| CVE-2022-34899 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The… | |||
| CVE-2021-41570 | 0.00 | — | 0.00 | Apr 19, 2022 | Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. | |||
| CVE-2022-26778 | 0.00 | — | 0.00 | Mar 9, 2022 | Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized… | |||
| CVE-2022-25820 | 0.00 | — | 0.00 | Mar 8, 2022 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | |||
| CVE-2022-26484 | 0.00 | — | 0.03 | Mar 4, 2022 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on… | |||
| CVE-2022-26483 | 0.00 | — | 0.00 | Mar 4, 2022 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web… | |||
| CVE-2021-20032 | 0.00 | — | 0.02 | Aug 10, 2021 | SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. | |||
| CVE-2020-36160 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can… | |||
| CVE-2020-36161 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a… | |||
| CVE-2020-36162 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create… | |||
| CVE-2020-36163 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create… | |||
| CVE-2020-36165 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems,… | |||
| CVE-2020-36166 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the… | |||
| CVE-2020-36167 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf… | |||
| CVE-2020-36168 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By… | |||
| CVE-2020-36169 | 0.00 | — | 0.00 | Jan 6, 2021 | An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create… | |||
| CVE-2020-36159 | 0.00 | — | 0.01 | Jan 5, 2021 | Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. | |||
| CVE-2020-27156 | 0.00 | — | 0.02 | Oct 15, 2020 | Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. | |||
| CVE-2020-27157 | 0.00 | — | 0.01 | Oct 15, 2020 | Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the… | |||
| CVE-2020-6300 | 0.00 | — | 0.01 | Aug 12, 2020 | SAP Business Objects Business Intelligence Platform (Central Management Console), versions 4.2 and 4.3, allows an attacker with administrator rights to use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode… | |||
| CVE-2020-15816 | 0.00 | — | 0.04 | Jul 17, 2020 | In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | |||
| CVE-2020-12874 | 0.00 | — | 0.01 | May 14, 2020 | Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. | |||
| CVE-2020-12875 | 0.00 | — | 0.01 | May 14, 2020 | Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. | |||
| CVE-2020-12877 | 0.00 | — | 0.01 | May 14, 2020 | Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | |||
| CVE-2020-12876 | 0.00 | — | 0.01 | May 14, 2020 | Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | |||
| CVE-2020-5838 | 0.00 | — | 0.01 | May 13, 2020 | Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | |||
| CVE-2020-5837 | 0.00 | — | 0.01 | May 11, 2020 | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | |||
| CVE-2020-5836 | 0.00 | — | 0.00 | May 11, 2020 | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | |||
| CVE-2020-5835 | 0.00 | — | 0.00 | May 11, 2020 | Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | |||
| CVE-2020-5834 | 0.00 | — | 0.02 | May 11, 2020 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | |||
| CVE-2020-5833 | 0.00 | — | 0.00 | May 11, 2020 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||
| CVE-2019-18375 | 0.00 | — | 0.01 | Apr 9, 2020 | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | |||
| CVE-2012-6277 | 0.00 | — | 0.08 | Feb 21, 2020 | Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before… |