Vulnerabilites related to symantec - pgp_desktop
Vulnerability from fkie_nvd
Published
2013-08-05 13:22
Modified
2024-11-21 01:49
Severity ?
Summary
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de b\u00fasqueda de ruta no entrecomillada en Windows en RDDService en Symantec PGP Desktop v10.0.x hasta v10.2.x y Symantec Encryption Desktop v10.3.0 antes de MP3, permite a usuarios locales conseguir privilegios a trav\u00e9s de una aplicaci\u00f3n de caballo de Troya en el directorio %SYSTEMDRIVE% directorio de nivel superior."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027Untrusted Search Path CWE-426\u0027\r\n",
"id": "CVE-2013-1610",
"lastModified": "2024-11-21T01:49:59.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-05T13:22:52.647",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/61489"
},
{
"source": "secure@symantec.com",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-23 19:55
Modified
2024-11-21 02:04
Severity ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
},
{
"lang": "es",
"value": "Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realiza debidamente copias de memoria, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (violaci\u00f3n de lectura de acceso y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un certificado malformado."
}
],
"id": "CVE-2014-1646",
"lastModified": "2024-11-21T02:04:46.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-23T19:55:05.237",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/67016"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-22 01:55
Modified
2024-11-21 02:08
Severity ?
Summary
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A86D6B8-93CC-40E6-8BF5-0562AC2CA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D72FD2C-F7DC-4A8F-BB2A-101F19952282",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size."
},
{
"lang": "es",
"value": "Symantec Encryption Desktop 10.3.x anterior a 10.3.2 MP3, y Symantec PGP Desktop 10.0.x hasta 10.2.x, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo CPU y memoria) a trav\u00e9s de un mensaje de e-mail cifrado manipulado que se descomprime a un tama\u00f1o m\u00e1s grande."
}
],
"id": "CVE-2014-3436",
"lastModified": "2024-11-21T02:08:05.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-22T01:55:08.357",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/69259"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1030761"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
},
{
"source": "secure@symantec.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-18 11:56
Modified
2024-11-21 01:42
Severity ?
Summary
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "8ECF6686-DE99-4E36-8755-F9428167F709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "CCD53E72-7D94-437F-AE83-C077FAD671A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "A0604C91-EC64-490B-9C94-00C1757DADE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:-:*:*:*:windows:*:*",
"matchCriteriaId": "1D633009-6006-4C62-8E23-F1380C66FA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "1F8F75CC-8725-44F1-9833-1279AE2FF49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "6FA86438-9097-463D-8EA5-6E49A46215F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "DBC102F4-B58F-43A7-BE48-849FA764ED32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "C13CC0B6-F19B-4CBB-ACE8-4105D672C8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "AA77179C-D1D1-4FCF-B1BF-2EA481966972",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
},
{
"lang": "es",
"value": "Desbordamiento de entero en pgpwded.sys en Symantec PGP Desktop v10.x y Encryption Desktop v10.3.0 antes MP1 permite a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n dise\u00f1ada."
}
],
"id": "CVE-2012-4351",
"lastModified": "2024-11-21T01:42:43.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-18T11:56:38.540",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/57170"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-23 19:55
Modified
2024-11-21 02:04
Severity ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
},
{
"lang": "es",
"value": "Symantec PGP Desktop 10.0.x hasta 10.2.x y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP1 no realizan debidamente movimientos de bloques de datos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (violaci\u00f3n de lectura de acceso y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un certificado malformado."
}
],
"id": "CVE-2014-1647",
"lastModified": "2024-11-21T02:04:46.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-23T19:55:05.267",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/67020"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-21 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_desktop | 10.3.0 | |
| symantec | encryption_desktop | 10.3.1 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | encryption_desktop | 10.3.2 | |
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| symantec | pgp_desktop | 10.2.2 | |
| apple | mac_os_x | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "E73390D3-3DE8-43AB-980F-0885A6C57A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C641BF3B-033C-4E89-99D1-D0279176E85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:-:*:*:professional:*:*:*",
"matchCriteriaId": "D80F9A3B-E810-422C-9168-B58ADC983A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.2:mp1:*:*:professional:*:*:*",
"matchCriteriaId": "64884C14-9E0D-4C8E-802E-D373DE80A506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBF6909-8372-4264-8510-53482589D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A873C35-C480-4A3D-A0B2-5BDAF794B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7928F8-9E18-495B-AF0A-FE64B3CA88A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59BEA5BE-2595-4BE5-B0CC-405748925F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA810A7-C21B-4314-88CE-CC0018D6209F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C464E-45C2-44B7-B474-4165C7FF9FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38F4B912-92AA-4438-80EE-C3C46775D59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5D7E1B-44AE-4EB7-940C-7010D92A1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B704ED7-8438-4BCF-B062-5303C3D9CAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01D5E4E1-B128-4E77-A137-BA435082720C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
},
{
"lang": "es",
"value": "Symantec PGP Desktop 10.x, y Encryption Desktop Professional 10.3.x anterior a 10.3.2 MP2, en OS X utiliza permisos de lectura universal para ficheros temporales, lo que permite a usuarios locales evadir restricciones sobre la lectura de ficheros, modificaci\u00f3n, creaci\u00f3n y cambios de permisos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3431",
"lastModified": "2024-11-21T02:08:05.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-21T15:55:04.680",
"references": [
{
"source": "secure@symantec.com",
"url": "http://secunia.com/advisories/59421"
},
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-18 11:56
Modified
2024-11-21 01:46
Severity ?
Summary
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | pgp_desktop | 10.0.0 | |
| symantec | pgp_desktop | 10.0.1 | |
| symantec | pgp_desktop | 10.0.2 | |
| symantec | pgp_desktop | 10.0.3 | |
| symantec | pgp_desktop | 10.1.0 | |
| symantec | pgp_desktop | 10.1.1 | |
| symantec | pgp_desktop | 10.1.2 | |
| symantec | pgp_desktop | 10.2.0 | |
| symantec | pgp_desktop | 10.2.1 | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_xp | * | |
| symantec | encryption_desktop | 10.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "8ECF6686-DE99-4E36-8755-F9428167F709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "CCD53E72-7D94-437F-AE83-C077FAD671A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "A0604C91-EC64-490B-9C94-00C1757DADE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.0.3:-:*:*:*:windows:*:*",
"matchCriteriaId": "1D633009-6006-4C62-8E23-F1380C66FA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "1F8F75CC-8725-44F1-9833-1279AE2FF49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "6FA86438-9097-463D-8EA5-6E49A46215F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.1.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "DBC102F4-B58F-43A7-BE48-849FA764ED32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "C13CC0B6-F19B-4CBB-ACE8-4105D672C8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_desktop:10.2.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "AA77179C-D1D1-4FCF-B1BF-2EA481966972",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "838DEBE6-2A04-4737-8282-5E7803B483A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en pgpwded.sys del Symantec PGP Desktop v10.x and Encryption Desktop v10.3.0 antes de MP1 en Windows XP y Server 2003 que permite a usuarios locales escalar privilegios por medio de aplicaciones creadas para este prop\u00f3sito."
}
],
"id": "CVE-2012-6533",
"lastModified": "2024-11-21T01:46:18.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-18T11:56:38.807",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/57835"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-1646
Vulnerability from cvelistv5
Published
2014-04-23 19:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/67016 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:09.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"name": "67016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T19:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"name": "67016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
},
{
"name": "67016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1646",
"datePublished": "2014-04-23T19:00:00",
"dateReserved": "2014-01-23T00:00:00",
"dateUpdated": "2024-08-06T09:50:09.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1647
Vulnerability from cvelistv5
Published
2014-04-23 19:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67020 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140423_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:09.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67020"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-23T19:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "67020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67020"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67020"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140423_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1647",
"datePublished": "2014-04-23T19:00:00",
"dateReserved": "2014-01-23T00:00:00",
"dateUpdated": "2024-08-06T09:50:09.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3436
Vulnerability from cvelistv5
Published
2014-08-22 01:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95406 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1030761 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/69259 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-encryption-cve20143436-dos(95406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"name": "1030761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030761"
},
{
"name": "69259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "symantec-encryption-cve20143436-dos(95406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"name": "1030761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030761"
},
{
"name": "69259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-encryption-cve20143436-dos(95406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95406"
},
{
"name": "1030761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030761"
},
{
"name": "69259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69259"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140821_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-3436",
"datePublished": "2014-08-22T01:00:00",
"dateReserved": "2014-05-09T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4351
Vulnerability from cvelistv5
Published
2013-02-18 11:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/57170 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:08.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57170",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-18T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57170",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57170"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4351",
"datePublished": "2013-02-18T11:00:00Z",
"dateReserved": "2012-08-16T00:00:00Z",
"dateUpdated": "2024-09-16T16:59:07.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6533
Vulnerability from cvelistv5
Published
2013-02-18 11:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/57835 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57835"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-18T11:00:00Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "57835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57835"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2012-6533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57835"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2013\u0026suid=20130213_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2012-6533",
"datePublished": "2013-02-18T11:00:00Z",
"dateReserved": "2013-02-17T00:00:00Z",
"dateUpdated": "2024-09-17T03:22:24.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3431
Vulnerability from cvelistv5
Published
2014-06-21 15:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030454 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/68077 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59421 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"name": "59421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-05T14:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1030454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"name": "59421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140620_00"
},
{
"name": "59421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-3431",
"datePublished": "2014-06-21T15:00:00",
"dateReserved": "2014-05-09T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1610
Vulnerability from cvelistv5
Published
2013-08-04 20:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61489 | vdb-entry, x_refsource_BID | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_01 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-04T20:00:00Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "61489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2013-1610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61489"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130801_01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2013-1610",
"datePublished": "2013-08-04T20:00:00Z",
"dateReserved": "2013-02-04T00:00:00Z",
"dateUpdated": "2024-09-17T00:46:32.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}