Filtered by vendor Veritas
Subscribe
Total
120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36161 | 2 Microsoft, Veritas | 2 Windows, Aptare It Analytics | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | |||||
CVE-2021-27877 | 1 Veritas | 1 Backup Exec | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands. | |||||
CVE-2020-12877 | 1 Veritas | 1 Aptare | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | |||||
CVE-2020-12874 | 1 Veritas | 1 Aptare | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. | |||||
CVE-2020-12875 | 1 Veritas | 1 Aptare | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. | |||||
CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | |||||
CVE-2019-18780 | 3 Linux, Microsoft, Veritas | 8 Linux Kernel, Windows, Access and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. | |||||
CVE-2019-14415 | 1 Veritas | 1 Resiliency Platform | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | |||||
CVE-2019-14418 | 1 Veritas | 1 Resiliency Platform | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | |||||
CVE-2019-9867 | 1 Veritas | 1 Netbackup Appliance | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | |||||
CVE-2019-9868 | 1 Veritas | 1 Netbackup Appliance | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | |||||
CVE-2019-14416 | 1 Veritas | 1 Resiliency Platform | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | |||||
CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | |||||
CVE-2018-18652 | 1 Veritas | 1 Netbackup Appliance | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | |||||
CVE-2017-6404 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | |||||
CVE-2017-6407 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | |||||
CVE-2016-7399 | 1 Veritas | 2 Netbackup Appliance, Netbackup Appliance Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | |||||
CVE-2017-6406 | 1 Veritas | 3 Access, Netbackup, Netbackup Appliance | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur. | |||||
CVE-2017-6402 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. | |||||
CVE-2017-8859 | 1 Veritas | 1 Netbackup Appliance | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. |