|
266401
|
9.8 |
CRITICAL
Network
|
google
|
android
|
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory c…
|
CWE-20
Improper Input Validation
|
CVE-2016-3742
|
2024-11-21 11:50 |
2016-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266402
|
9.8 |
CRITICAL
Network
|
google
|
android
|
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory …
|
CWE-20
Improper Input Validation
|
CVE-2016-3741
|
2024-11-21 11:50 |
2016-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266403
|
8.0 |
HIGH
Network
|
symantec
|
endpoint_protection_manager
|
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the auth…
|
CWE-352
Origin Validation Error
|
CVE-2016-3653
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266404
|
5.4 |
MEDIUM
Network
|
symantec
|
endpoint_protection_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3652
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266405
|
8.0 |
HIGH
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-3651
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266406
|
8.8 |
HIGH
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2016-3650
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266407
|
4.3 |
MEDIUM
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.
|
CWE-200
Information Exposure
|
CVE-2016-3649
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266408
|
8.8 |
HIGH
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing att…
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2016-3648
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266409
|
7.7 |
HIGH
Network
|
symantec
|
endpoint_protection_manager
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intra…
|
NVD-CWE-Other
|
CVE-2016-3647
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266410
|
8.4 |
HIGH
Local
|
symantec
|
norton_security
protection_engine
advanced_threat_protection
norton_bootable_removal_tool
data_center_security_server
protection_for_sharepoint_servers
message_gateway_for_service_p…
|
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SE…
|
CWE-20
Improper Input Validation
|
CVE-2016-3646
|
2024-11-21 11:50 |
2016-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
