cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-23614,https://securityvulnerability.io/vulnerability/CVE-2024-23614,Symantec Messaging Gateway Buffer Overflow,"A buffer overflow vulnerability has been identified in Symantec Messaging Gateway versions 9.5 and earlier. This weakness allows remote, anonymous attackers to exploit the system and execute arbitrary code with root privileges. The vulnerability poses significant risks to the security and functionality of messaging infrastructures, highlighting the importance of timely software updates and patches to mitigate potential threats.",Symantec,Messaging Gateway,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23615,https://securityvulnerability.io/vulnerability/CVE-2024-23615,Remote Code Execution Vulnerability in Symantec Messaging Gateway,"A buffer overflow vulnerability has been identified in Symantec Messaging Gateway, specifically in versions 10.5 and earlier. This flaw allows a remote and anonymous attacker to exploit the vulnerability, potentially leading to remote code execution with root privileges. Organizations utilizing affected versions of Symantec Messaging Gateway should prioritize implementing security updates and patching procedures to guard against potential attacks leveraging this vulnerability. Awareness and proactive measures are essential in securing systems against remote exploitation risks.",Symantec,Messaging Gateway,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2022-25629,https://securityvulnerability.io/vulnerability/CVE-2022-25629,Annotation Execution Vulnerability in Broadcom Product,"An authenticated user with permission to add or edit annotations may create a malicious annotation that can be executed on the annotations page, posing a significant security risk. This vulnerability allows for potential exploitation through crafted content that could affect the integrity of the application.",Symantec,Symantec Messaging Gateway,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-09T00:00:00.000Z,0
CVE-2022-25630,https://securityvulnerability.io/vulnerability/CVE-2022-25630,Cross-Site Scripting Vulnerability in Symantec Messaging Gateway by Broadcom,"An authenticated user in Symantec Messaging Gateway can exploit a cross-site scripting vulnerability by embedding malicious content within the admin group policy page. This could allow for the execution of arbitrary scripts in the context of an administrator's session, potentially compromising sensitive information or altering configurations without authorization.",Symantec,Symantec Messaging Gateway,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-09T00:00:00.000Z,0
CVE-2019-18379,https://securityvulnerability.io/vulnerability/CVE-2019-18379,Server-Side Request Forgery Vulnerability in Symantec Messaging Gateway,"Symantec Messaging Gateway, before version 10.7.3, features a security flaw where an attacker can conduct server-side request forgery (SSRF). This vulnerability allows unauthorized crafting of requests from the backend server, potentially exposing internal services and resources that should be safeguarded from external access, especially those reachable via the loopback interface. Proper security measures should be implemented to mitigate risks associated with this vulnerability and ensure comprehensive protection of systems.",Symantec,Symantec Messaging Gateway,7.3,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-12-11T15:49:28.000Z,0
CVE-2019-18378,https://securityvulnerability.io/vulnerability/CVE-2019-18378,Cross-Site Scripting Vulnerability in Symantec Messaging Gateway,"The vulnerability in Symantec Messaging Gateway allows for a cross-site scripting exploit where attackers can inject malicious client-side scripts into web pages. This exploit can enable the attackers to bypass existing access controls, potentially compromising user data and system integrity. Ensuring that your installation is updated to version 10.7.3 or later is crucial to protect against these kinds of vulnerabilities.",Symantec,Symantec Messaging Gateway,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-12-11T15:49:17.000Z,0
CVE-2019-18377,https://securityvulnerability.io/vulnerability/CVE-2019-18377,Privilege Escalation Vulnerability in Symantec Messaging Gateway,"The vulnerability in Symantec Messaging Gateway prior to version 10.7.3 allows attackers to potentially escalate privileges, risking unauthorized access to protected resources. This flaw could enable an attacker to compromise the application and perform actions that are normally restricted, thereby undermining the security integrity of the messaging environment.",Symantec,Symantec Messaging Gateway,7.2,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-12-11T15:49:05.000Z,0
CVE-2019-9699,https://securityvulnerability.io/vulnerability/CVE-2019-9699,Information Disclosure Vulnerability in Symantec Messaging Gateway,"The Symantec Messaging Gateway, prior to version 10.7.0, is susceptible to an information disclosure vulnerability. This issue could potentially enable unauthorized individuals to gain access to sensitive data, compromising the confidentiality of the information processed by the gateway. Users are strongly recommended to upgrade to the latest version to mitigate this risk.",Symantec,Symantec Messaging Gateway,4.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2019-10-24T15:32:19.000Z,0
CVE-2019-12751,https://securityvulnerability.io/vulnerability/CVE-2019-12751,Privilege Escalation Vulnerability in Symantec Messaging Gateway,"Symantec Messaging Gateway, prior to version 10.7.1, has a vulnerability that allows an attacker to escalate privileges. This could permit unauthorized users to access restricted resources, posing a significant risk to the integrity of the application and the systems that rely on it. Timely updates and proper security measures are essential to mitigate potential attacks.",Symantec,Symantec Messaging Gateway,9.8,CRITICAL,0.0037700000684708357,false,,false,false,false,,,false,false,,2019-07-11T20:01:31.000Z,0
CVE-2018-12243,https://securityvulnerability.io/vulnerability/CVE-2018-12243,,"The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.",Symantec Corporation,Symantec Messaging Gateway,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-09-19T15:29:00.000Z,0
CVE-2018-12242,https://securityvulnerability.io/vulnerability/CVE-2018-12242,,"The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.",Symantec Corporation,Symantec Messaging Gateway,9.8,CRITICAL,0.0027699999045580626,false,,false,false,false,,,false,false,,2018-09-19T15:29:00.000Z,0
CVE-2017-15532,https://securityvulnerability.io/vulnerability/CVE-2017-15532,,"Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.",Symantec Corporation,Messaging Gateway,5.7,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2017-12-20T00:00:00.000Z,0
CVE-2017-6327,https://securityvulnerability.io/vulnerability/CVE-2017-6327,,"The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.",Symantec Corporation,Messaging Gateway,8.8,HIGH,0.4144600033760071,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,true,false,false,,2017-08-11T20:29:00.000Z,0
CVE-2017-6328,https://securityvulnerability.io/vulnerability/CVE-2017-6328,,"The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.",Symantec Corporation,Messaging Gateway,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2017-08-11T20:29:00.000Z,0
CVE-2017-6326,https://securityvulnerability.io/vulnerability/CVE-2017-6326,,"The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.",Symantec Corporation,Messaging Gateway,10,CRITICAL,0.6061599850654602,false,,false,false,true,2017-06-10T09:23:12.000Z,true,false,false,,2017-06-26T21:00:00.000Z,0
CVE-2017-6324,https://securityvulnerability.io/vulnerability/CVE-2017-6324,,"The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.",Symantec Corporation,Messaging Gateway,7.3,HIGH,0.001509999972768128,false,,false,false,false,,,false,false,,2017-06-26T21:00:00.000Z,0
CVE-2017-6325,https://securityvulnerability.io/vulnerability/CVE-2017-6325,,"The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.",Symantec Corporation,Messaging Gateway,6.6,MEDIUM,0.006659999955445528,false,,false,false,false,,,false,false,,2017-06-26T21:00:00.000Z,0
CVE-2016-5310,https://securityvulnerability.io/vulnerability/CVE-2016-5310,,"The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.",Symantec,"Protection Engine,Protection For Sharepoint Servers,Mail Security For Microsoft Exchange,Messaging Gateway,Mail Security For Domino,Endpoint Protection,Endpoint Protection For Small Business,Web Security.cloud,Messaging Gateway For Service Providers,Advanced Threat Protection,Email Security.cloud,Endpoint Protection Cloud,CSAPi,Web Gateway,Symantec Data Center Security Server",5.5,MEDIUM,0.0062500000931322575,false,,false,false,false,,,false,false,,2017-04-14T18:00:00.000Z,0
CVE-2016-5309,https://securityvulnerability.io/vulnerability/CVE-2016-5309,,"The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.",Symantec,"Protection Engine,Protection For Sharepoint Servers,Mail Security For Microsoft Exchange,Messaging Gateway,Mail Security For Domino,Endpoint Protection,Endpoint Protection For Small Business,Web Security.cloud,Messaging Gateway For Service Providers,Advanced Threat Protection,Email Security.cloud,Endpoint Protection Cloud,CSAPi,Web Gateway,Symantec Data Center Security Server",5.5,MEDIUM,0.0030300000216811895,false,,false,false,false,,,false,false,,2017-04-14T18:00:00.000Z,0
CVE-2016-5312,https://securityvulnerability.io/vulnerability/CVE-2016-5312,,Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.,Symantec,Messaging Gateway,6.5,MEDIUM,0.9074500203132629,false,,false,false,false,,,false,false,,2017-04-14T18:00:00.000Z,0
CVE-2016-2203,https://securityvulnerability.io/vulnerability/CVE-2016-2203,,The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.,Symantec,Messaging Gateway,7.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2016-04-22T18:00:00.000Z,0
CVE-2016-2204,https://securityvulnerability.io/vulnerability/CVE-2016-2204,,The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.,Symantec,Messaging Gateway,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2016-04-22T18:00:00.000Z,0
CVE-2014-1648,https://securityvulnerability.io/vulnerability/CVE-2014-1648,,Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.,Symantec,Messaging Gateway,,,0.38025999069213867,false,,false,false,false,,,false,false,,2014-04-23T10:00:00.000Z,0
CVE-2012-4347,https://securityvulnerability.io/vulnerability/CVE-2012-4347,,Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.,Symantec,Messaging Gateway,,,0.8331699967384338,false,,false,false,false,,,false,false,,2012-12-05T11:00:00.000Z,0
CVE-2012-3580,https://securityvulnerability.io/vulnerability/CVE-2012-3580,,Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.,Symantec,Messaging Gateway,,,0.0010900000343099236,false,,false,false,false,,,false,false,,2012-08-29T10:00:00.000Z,0