All the vulnerabilites related to symantec - encryption_desktop
Vulnerability from fkie_nvd
Published
2014-04-23 19:55
Modified
2024-11-21 02:04
Severity ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
},
{
"lang": "es",
"value": "Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realiza debidamente copias de memoria, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (violaci\u00f3n de lectura de acceso y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un certificado malformado."
}
],
"id": "CVE-2014-1646",
"lastModified": "2024-11-21T02:04:46.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-23T19:55:05.237",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/67016"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-05 13:22
Modified
2024-11-21 01:49
Severity ?
Summary
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de b\u00fasqueda de ruta no entrecomillada en Windows en RDDService en Symantec PGP Desktop v10.0.x hasta v10.2.x y Symantec Encryption Desktop v10.3.0 antes de MP3, permite a usuarios locales conseguir privilegios a trav\u00e9s de una aplicaci\u00f3n de caballo de Troya en el directorio %SYSTEMDRIVE% directorio de nivel superior."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027Untrusted Search Path CWE-426\u0027\r\n",
"id": "CVE-2013-1610",
"lastModified": "2024-11-21T01:49:59.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-05T13:22:52.647",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/61489"
},
{
"source": "secure@symantec.com",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-21 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| apple | mac_os_x | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:*:*:professional:*:*:*",
"matchCriteriaId": "64884C14-9E0D-4C8E-802E-D373DE80A506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
},
{
"lang": "es",
"value": "Symantec PGP Desktop 10.x, y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP2, en OS X utiliza permisos de lectura universal para ficheros temporales, lo que permite a usuarios locales evadir restricciones sobre la lectura de ficheros, modificaci\u00f3n, creaci\u00f3n y cambios de permisos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3431",
"lastModified": "2024-11-21T02:08:05.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-21T15:55:04.680",
"references": [
{
"source": "secure@symantec.com",
"url": "http://secunia.com/advisories/59421"
},
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-23 19:55
Modified
2024-11-21 02:04
Severity ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
},
{
"lang": "es",
"value": "Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realizan debidamente movimientos de bloques de datos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (violaci\u00f3n de lectura de acceso y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un certificado malformado."
}
],
"id": "CVE-2014-1647",
"lastModified": "2024-11-21T02:04:46.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-23T19:55:05.267",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/67020"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-18 11:56
Modified
2024-11-21 01:46
Severity ?
Summary
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_xp | * | |
| symantec | encryption_desktop | 10.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "8ECF6686-DE99-4E36-8755-F9428167F709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "CCD53E72-7D94-437F-AE83-C077FAD671A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "A0604C91-EC64-490B-9C94-00C1757DADE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:-:*:*:*:windows:*:*",
"matchCriteriaId": "1D633009-6006-4C62-8E23-F1380C66FA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "1F8F75CC-8725-44F1-9833-1279AE2FF49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "6FA86438-9097-463D-8EA5-6E49A46215F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "DBC102F4-B58F-43A7-BE48-849FA764ED32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "C13CC0B6-F19B-4CBB-ACE8-4105D672C8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "AA77179C-D1D1-4FCF-B1BF-2EA481966972",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en pgpwded.sys del Symantec PGP Desktop v10.x and Encryption Desktop v10.3.0 antes de MP1 en Windows XP y Server 2003 que permite a usuarios locales escalar privilegios por medio de aplicaciones creadas para este prop\u00f3sito."
}
],
"id": "CVE-2012-6533",
"lastModified": "2024-11-21T01:46:18.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-18T11:56:38.807",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/57835"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-23 20:29
Modified
2024-11-21 03:11
Severity ?
Summary
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F56EA450-B324-4016-B461-772CFCF28E1A",
"versionEndIncluding": "10.4.1",
"versionStartIncluding": "10.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code."
},
{
"lang": "es",
"value": "En Symantec Encryption Desktop en versiones anteriores a SED 10.4.1 MP2HF1, una fuga de memoria de kernel es un tipo de fuga de recursos que puede ocurrir cuando un programa inform\u00c3\u00a1tico gestiona incorrectamente asignaciones de memoria de manera que la memoria que ya no se necesite no se libere. En programaci\u00c3\u00b3n orientada a objetos, puede ocurrir una fuga de memoria cuando un objeto se almacena en la memoria pero el c\u00c3\u00b3digo que se ejecuta no puede acceder a \u00c3\u00a9l."
}
],
"id": "CVE-2017-13682",
"lastModified": "2024-11-21T03:11:25.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-23T20:29:00.200",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101497"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-08 16:15
Modified
2024-11-21 02:56
Severity ?
Summary
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/94279 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1037302 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://support.symantec.com/us/en/article.symsa1385.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94279 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037302 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/us/en/article.symsa1385.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | * | |
| symantec | endpoint_encryption | * | |
| symantec | endpoint_encryption | 7.6 | |
| symantec | ghost_solution_suite | 3.1 | |
| symantec | ghost_solution_suite | 3.1 | |
| symantec | ghost_solution_suite | 3.1 | |
| symantec | ghost_solution_suite | 3.1 | |
| symantec | it_management_suite | 7.6 | |
| symantec | it_management_suite | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D6248-A467-42E3-91FB-5DDF0D7F569C",
"versionEndExcluding": "10.4.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_encryption:*:*:*:*:*:*:*:*",
"matchCriteriaId": "796EE952-7B18-4F2D-A1A7-529A7127C5F5",
"versionEndExcluding": "7.6",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_encryption:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB53496E-9E66-4FB2-A86F-C6153A163305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solution_suite:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "2DC2C82A-C0DE-48E0-B805-49F26D523168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack1:*:*:*:*:*:*",
"matchCriteriaId": "A3068E0D-EEF2-4D63-AE0D-54025DBD78F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack2:*:*:*:*:*:*",
"matchCriteriaId": "90A390EB-8DB2-4626-88A1-63E55BEEE716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:ghost_solution_suite:3.1:maintenance_pack3:*:*:*:*:*:*",
"matchCriteriaId": "A3B6CC37-2CE2-4F6B-BE0A-50124B09D085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:it_management_suite:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4F07D13E-7BAC-41E8-8774-6278ED4947CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:it_management_suite:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D879F92-4706-4D48-BD87-BA689C59E786",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios cuando se cargan bibliotecas DLL durante el arranque y el reinicio en Symantec IT Management Suite versiones 8.0 anteriores a la versi\u00f3n 8.0 HF4 y Suite versiones 7.6 anteriores a la versi\u00f3n 7.6 HF7, Symantec Ghost Solution Suite versiones 3.1 anteriores a la versi\u00f3n 3.1 MP4, Symantec Endpoint Virtualization versiones 7.x anteriores a la versi\u00f3n 7.6 HF7 y Symantec Encryption Desktop versiones 10.x anteriores a la versi\u00f3n 10.4.1, lo que podr\u00eda permitir a un usuario malicioso local ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2016-6590",
"lastModified": "2024-11-21T02:56:23.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T16:15:10.517",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94279"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037302"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.symsa1385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.symsa1385.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-22 01:55
Modified
2024-11-21 02:08
Severity ?
Summary
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A86D6B8-93CC-40E6-8BF5-0562AC2CA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D72FD2C-F7DC-4A8F-BB2A-101F19952282",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size."
},
{
"lang": "es",
"value": "Symantec Encryption Desktop 10.3.x anterior a 10.3.2 MP3, y Symantec PGP Desktop 10.0.x hasta 10.2.x, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo CPU y memoria) a trav\u00e9s de un mensaje de e-mail cifrado manipulado que se descomprime a un tama\u00f1o m\u00e1s grande."
}
],
"id": "CVE-2014-3436",
"lastModified": "2024-11-21T02:08:05.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-22T01:55:08.357",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/69259"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1030761"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
},
{
"source": "secure@symantec.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-13 14:29
Modified
2024-11-21 03:29
Severity ?
Summary
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:*:mp1:*:*:*:*:*:*",
"matchCriteriaId": "8E11C5A7-A579-4C6C-B5C0-1ED3EEA03166",
"versionEndIncluding": "10.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.\""
},
{
"lang": "es",
"value": "Symantec Encryption Desktop en versiones anteriores a SED 10.4.1MP2 puede permitir que atacantes remotos provoquen una denegaci\u00f3n de servicio (consumo de recursos) mediante peticiones web manipuladas."
}
],
"id": "CVE-2017-6330",
"lastModified": "2024-11-21T03:29:34.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T14:29:00.263",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100552"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170907_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170907_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-18 11:56
Modified
2024-11-21 01:42
Severity ?
Summary
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "8ECF6686-DE99-4E36-8755-F9428167F709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "CCD53E72-7D94-437F-AE83-C077FAD671A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "A0604C91-EC64-490B-9C94-00C1757DADE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:-:*:*:*:windows:*:*",
"matchCriteriaId": "1D633009-6006-4C62-8E23-F1380C66FA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "1F8F75CC-8725-44F1-9833-1279AE2FF49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "6FA86438-9097-463D-8EA5-6E49A46215F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "DBC102F4-B58F-43A7-BE48-849FA764ED32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "C13CC0B6-F19B-4CBB-ACE8-4105D672C8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "AA77179C-D1D1-4FCF-B1BF-2EA481966972",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
},
{
"lang": "es",
"value": "Desbordamiento de entero en pgpwded.sys en Symantec PGP Desktop v10.x y Encryption Desktop v10.3.0 antes MP1 permite a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n dise\u00f1ada."
}
],
"id": "CVE-2012-4351",
"lastModified": "2024-11-21T01:42:43.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-18T11:56:38.540",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/57170"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-10 19:29
Modified
2024-11-21 03:11
Severity ?
Summary
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/101090 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101090 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:*:mp2:*:*:*:*:*:*",
"matchCriteriaId": "307C6348-9B61-4C9A-A2A3-BDCBF13879AA",
"versionEndIncluding": "10.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
},
{
"lang": "es",
"value": "Un ataque de denegaci\u00f3n de servicio (DoS) en Symantec Encryption Desktop en versiones anteriores a SED 10.4.1 MP2HF1 permite a atacantes remotos que hagan que una m\u00e1quina o un recurso de red en particular deje de estar disponible para los usuarios que deber\u00edan tener acceso a dicho recurso interrumpiendo servicios de un host espec\u00edfico en una red de manera temporal o indefinida."
}
],
"id": "CVE-2017-13679",
"lastModified": "2024-11-21T03:11:24.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 2.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-10T19:29:00.260",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101090"
},
{
"source": "secure@symantec.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-4351
Vulnerability from cvelistv5
Published
2013-02-18 11:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/57170 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:08.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57170",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-18T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57170",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57170"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4351",
"datePublished": "2013-02-18T11:00:00Z",
"dateReserved": "2012-08-16T00:00:00Z",
"dateUpdated": "2024-09-16T16:59:07.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13682
Vulnerability from cvelistv5
Published
2017-10-23 20:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101497 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Symantec Corporation | Symantec Encryption Desktop |
Version: prior to SED 10.4.1 MP2HF1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
},
{
"name": "101497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Encryption Desktop",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "prior to SED 10.4.1 MP2HF1"
}
]
}
],
"datePublic": "2017-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel Memory Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T09:57:02",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
},
{
"name": "101497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2017-13682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Encryption Desktop",
"version": {
"version_data": [
{
"version_value": "prior to SED 10.4.1 MP2HF1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
},
{
"name": "101497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-13682",
"datePublished": "2017-10-23T20:00:00",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6330
Vulnerability from cvelistv5
Published
2017-09-13 14:00
Modified
2024-09-16 22:14
Severity ?
EPSS score ?
Summary
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170907_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100552 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Symantec Corporation | Symantec Encryption Desktop |
Version: SED prior to 10.4.1MP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170907_00"
},
{
"name": "100552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Encryption Desktop",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "SED prior to 10.4.1MP2"
}
]
}
],
"datePublic": "2017-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-14T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170907_00"
},
{
"name": "100552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2017-09-07T00:00:00",
"ID": "CVE-2017-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Encryption Desktop",
"version": {
"version_data": [
{
"version_value": "SED prior to 10.4.1MP2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170907_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170907_00"
},
{
"name": "100552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-6330",
"datePublished": "2017-09-13T14:00:00Z",
"dateReserved": "2017-02-26T00:00:00",
"dateUpdated": "2024-09-16T22:14:37.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3431
Vulnerability from cvelistv5
Published
2014-06-21 15:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030454 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/68077 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59421 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"name": "59421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1030454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"name": "59421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"name": "59421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-3431",
"datePublished": "2014-06-21T15:00:00",
"dateReserved": "2014-05-09T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6533
Vulnerability from cvelistv5
Published
2013-02-18 11:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/57835 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57835"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-18T11:00:00Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "57835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57835"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2012-6533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57835"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2012-6533",
"datePublished": "2013-02-18T11:00:00Z",
"dateReserved": "2013-02-17T00:00:00Z",
"dateUpdated": "2024-09-17T03:22:24.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1646
Vulnerability from cvelistv5
Published
2014-04-23 19:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/67016 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:09.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"name": "67016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T19:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"name": "67016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"name": "67016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1646",
"datePublished": "2014-04-23T19:00:00",
"dateReserved": "2014-01-23T00:00:00",
"dateUpdated": "2024-08-06T09:50:09.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13679
Vulnerability from cvelistv5
Published
2017-10-10 19:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101090 | vdb-entry, x_refsource_BID | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-11T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "101090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2017-13679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101090"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171009_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-13679",
"datePublished": "2017-10-10T19:00:00",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6590
Vulnerability from cvelistv5
Published
2020-01-08 15:43
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94279 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1037302 | x_refsource_MISC | |
| https://support.symantec.com/us/en/article.symsa1385.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Symantec | IT Management Suite |
Version: 8.0 prior to 8.0 HF4 and 7.6 prior to 7.6 HF7 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94279"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.symsa1385.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IT Management Suite",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "8.0 prior to 8.0 HF4 and 7.6 prior to 7.6 HF7"
}
]
},
{
"product": "Ghost Solution Suite",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "3.1 prior to 3.1 MP4"
}
]
},
{
"product": "Symantec Endpoint Virtualization",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "7.x prior to 7.6 HF"
}
]
},
{
"product": "Encryption Desktop",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "0.x prior to 10.4.1"
},
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "untrusted search path",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T15:43:33",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/94279"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1037302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.symsa1385.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-6590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IT Management Suite",
"version": {
"version_data": [
{
"version_value": "8.0 prior to 8.0 HF4 and 7.6 prior to 7.6 HF7"
}
]
}
},
{
"product_name": "Ghost Solution Suite",
"version": {
"version_data": [
{
"version_value": "3.1 prior to 3.1 MP4"
}
]
}
},
{
"product_name": "Symantec Endpoint Virtualization",
"version": {
"version_data": [
{
"version_value": "7.x prior to 7.6 HF"
}
]
}
},
{
"product_name": "Encryption Desktop",
"version": {
"version_data": [
{
"version_value": "0.x prior to 10.4.1"
},
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "untrusted search path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/94279",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/94279"
},
{
"name": "http://www.securitytracker.com/id/1037302",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1037302"
},
{
"name": "https://support.symantec.com/us/en/article.symsa1385.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.symsa1385.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-6590",
"datePublished": "2020-01-08T15:43:33",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3436
Vulnerability from cvelistv5
Published
2014-08-22 01:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95406 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1030761 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/69259 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-encryption-cve20143436-dos(95406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"name": "1030761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030761"
},
{
"name": "69259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "symantec-encryption-cve20143436-dos(95406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"name": "1030761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030761"
},
{
"name": "69259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-encryption-cve20143436-dos(95406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"name": "1030761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030761"
},
{
"name": "69259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69259"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-3436",
"datePublished": "2014-08-22T01:00:00",
"dateReserved": "2014-05-09T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1647
Vulnerability from cvelistv5
Published
2014-04-23 19:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67020 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:09.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67020"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T19:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "67020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67020"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67020"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1647",
"datePublished": "2014-04-23T19:00:00",
"dateReserved": "2014-01-23T00:00:00",
"dateUpdated": "2024-08-06T09:50:09.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1610
Vulnerability from cvelistv5
Published
2013-08-04 20:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61489 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_01 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-04T20:00:00Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "61489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2013-1610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61489"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2013-1610",
"datePublished": "2013-08-04T20:00:00Z",
"dateReserved": "2013-02-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:46:32.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}