Filtered by vendor Veritas
Subscriptions
Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6404 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | ||||
| CVE-2017-6408 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. | ||||
| CVE-2017-6403 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | ||||
| CVE-2017-6399 | 1 Veritas | 3 Access, Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | ||||
| CVE-2017-6402 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. | ||||
| CVE-2017-6401 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat. | ||||
| CVE-2017-6405 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-08-05 | N/A |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. | ||||
| CVE-2018-18652 | 1 Veritas | 1 Netbackup Appliance | 2024-08-05 | N/A |
| A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | ||||
| CVE-2019-18780 | 3 Linux, Microsoft, Veritas | 8 Linux Kernel, Windows, Access and 5 more | 2024-08-05 | 9.8 Critical |
| An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. | ||||
| CVE-2019-14416 | 1 Veritas | 1 Resiliency Platform | 2024-08-05 | 7.2 High |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. | ||||
| CVE-2019-14417 | 1 Veritas | 1 Resiliency Platform | 2024-08-05 | N/A |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. | ||||
| CVE-2019-14415 | 1 Veritas | 1 Resiliency Platform | 2024-08-05 | 4.8 Medium |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | ||||
| CVE-2019-14418 | 1 Veritas | 1 Resiliency Platform | 2024-08-05 | 8.8 High |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | ||||
| CVE-2019-9868 | 1 Veritas | 1 Netbackup Appliance | 2024-08-04 | N/A |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | ||||
| CVE-2019-9867 | 1 Veritas | 1 Netbackup Appliance | 2024-08-04 | N/A |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | ||||
| CVE-2020-36159 | 1 Veritas | 1 Desktop And Laptop Option | 2024-08-04 | 5.3 Medium |
| Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. | ||||
| CVE-2020-36167 | 1 Veritas | 1 Backup Exec | 2024-08-04 | 9.3 Critical |
| An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain. | ||||
| CVE-2020-36164 | 2 Microsoft, Veritas | 2 Windows, Enterprise Vault | 2024-08-04 | 9.3 Critical |
| An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf (on SMTP Server) or \user\ssl\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server. | ||||
| CVE-2020-36169 | 2 Microsoft, Veritas | 3 Windows, Netbackup, Opscenter | 2024-08-04 | 9.3 Critical |
| An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations. | ||||
| CVE-2020-36166 | 2 Microsoft, Veritas | 5 Windows, Infoscale, Infoscale Operations Manager and 2 more | 2024-08-04 | 9.3 Critical |
| An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | ||||