Security Updates

Security Updates http://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory Security Advisories Relating to Symantec Products en-us Symantec Messaging Gateway Management Console Stored XSS Revisions 5/10/2013 - Corrected affected product name.  Symantec Brightmail Gateway was rebranded Symantec Messaging Gateway with the 9.5.x release.   Severity   ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130508_00 Wed, 8 May 2013 09:23:13 PDT Symantec Enterprise Vault Local Elevation of Privilege Revisions   None   Severity   CVSS2 Base Score Impact Exploitability CVSS2 Vector EV unquoted search path local elevation of privilege... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130321_00 Thu, 21 Mar 2013 09:51:01 PDT Symantec NetBackup Management Console Directory Traversal File Download Revisions   None   Severity   CVSS2 Base Score Impact Exploitability CVSS2 Vector NBU Management Console Directory Traversal File Down... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130320_00 Wed, 20 Mar 2013 09:36:56 PDT Symantec Encryption Desktop Local Access Elevation of Privilege Revisions 2/18/2013 - Revised CVE ID for the PGP Desktop pgpwded.sys.driver local access buffer overflow from CVE-2012-4352 to CVE-2012-6533 due to duplicate assignment for CVE-2012-4352... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 Wed, 13 Feb 2013 11:54:53 PST Symantec Enterprise Security Manager Manager/Agent Local Elevation of Privilege Revisions   None   Severity   CVSS2 Base Score Impact Exploitability CVSS2 Vector ESM Manager/Agent unquoted search path local elevati... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00 Thu, 13 Dec 2012 09:30:16 PST Symantec Endpoint Protection Management Consoles Multiple Issues Revisions   12/11/2012 – Clarification that SNAC issue is a client-side issue. Updated information concerning SNAC 12.1 not being activated unless an SNAC license is applied to the... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00 Mon, 10 Dec 2012 09:47:34 PST Symantec Updates HP Autonomy Keyview Filter Issues Affecting Multiple Vendors  Revisions   11/21/2012 Clarified SMSMSE and SMSDOM affected products Severity Medium to High (based on the CVSS2 scoring below) High CVSS V2 9.33 (for SMSMSE and SMS... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121120_00 Tue, 20 Nov 2012 12:09:25 PST Symantec Legacy Decomposer CAB File Issues Revisions   11/8/2012 - additional information added to mitigations 11/11/2012 - Symantec EOL Scan Engine and SAV10 affected version information added for clarification 11/14/201... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00 Wed, 7 Nov 2012 14:12:03 PST Symantec Ghost Solution Suite Memory Corruption Revisions   None   Severity   Medium CVSS2 Base Score Impact Exploitability CVSS2 Vector 5.39 6.64 5.54 AV:A/AC:M/Au:N/C:P/I:P/A:P &nbsp... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121010_00 Wed, 10 Oct 2012 10:47:17 PDT Symantec Enterprise Vault Updates Oracle Outside-In Libraries Revision History None   Severity Medium CVSS2 Base Score Impact Exploitability CVSS2 Vectors 6 6.4 6.8 AV:N/AC:M/Au:S/C:P/I:P/A:P   Overview ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120928_00 Fri, 28 Sep 2012 10:35:00 PDT PGP Universal Server Unauthorized Key Exposure Revisions   None   Severity   CVSS2 Base Score Impact Exploitability CVSS2 Vector PGP Key Exposure - Medium 4.14 4.93 5.13 AV:A/AC:L/Au:S... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00 Thu, 30 Aug 2012 09:00:56 PDT Symantec Messaging Gateway Security Issues Revisions   12/3/2012 CVE-2012-4347 added for Arbitrary File Download issue inadvertently left out of original advisory.   Severity   CVSS2 Base Score Impact... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 Mon, 27 Aug 2012 11:48:10 PDT Symantec System Recovery 2011 and Backup Exec System Recovery 2010 DLL Loading Revision History None Severity CVSS2 Base Score Impact Exploitability CVSS2 Vector DLL Loading Remote Code Execution - Medium 5.39 6.44 5.548 AV:A/AC:M/Au:... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_01 Fri, 20 Jul 2012 12:07:20 PDT Symantec Web Gateway Security Issues Revisions   None   Severity   CVSS2 Base Score Impact Exploitability CVSS2 Vector Remote command execution - High 8.33 10.0 6.45 AV:A/AC:... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00 Fri, 20 Jul 2012 12:07:20 PDT Symantec Message Filter Security Issues Symantec Message Filter Security Issues Revision History 7/5/2012 Affected products updated to reflect all version prior to SMF 6.3   Severity CVSS2 Base Score Impact ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 Tue, 26 Jun 2012 11:18:53 PDT Symantec LiveUpdate Administrator 2.3 Insecure File Permissions Revision History 9/10/2012 - Version 2.3.2 released to address areas identified by Tenable Security as not completely resolved.   Modified CVSS2 score.  Logging onto the targ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00 Fri, 15 Jun 2012 10:25:57 PDT Symantec Endpoint Protection Multiple Issues Revision History 5/23/2012 Proof-of-Concept information released publicly for CVE-2012-0289. Clarification on affected product component and versions. Severity CVSS2 Base Score ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 Tue, 22 May 2012 11:31:41 PDT Symantec Endpoint Protection Manager 11.x Denial of Service Revision History 5/23/2012 – Added 11.0 RU7(11.0.710x) to affected products 7/5/2012 – Following additional analysis and testing, added all releases of SEP 11.x prior to SEP 11.0 RU7 ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00 Tue, 22 May 2012 11:29:32 PDT Symantec Web Gateway Multiple Security Issues Revision History None   Severity CVSS2 Base Score Impact Exploitability CVSS2 Vector Command injection code execution - High 8.33 10.0 6.45 AV:A/AC:L... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 Thu, 17 May 2012 11:30:47 PDT Altiris WISE Package Studio SQL Injections Revision History None Severity Medium CVSS2 Base Score: 5.82 Impact 6.44, Exploitability 6.45 CVSS2 Vector:  (AV:A/AC:L/Au:N/C:P/I:P/A:P) Overview Symantec’s Altiris W... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00 Wed, 14 Mar 2012 10:36:39 PDT