Symantec Altiris Deployment Solution — known CVE vulnerabilities
Every CVE whose affected-product data names Symantec Altiris Deployment Solution, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2008-4564 — CVSS 9.3 (critical): Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security…
CVE-2009-3109 — CVSS 9.3 (critical): Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based…
CVE-2009-3033 — CVSS 9.3 (critical): Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web…
CVE-2009-3031 — CVSS 9.3 (critical): Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in…
CVE-2009-3178 — CVSS 7.8 (high): Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via…
CVE-2008-6828 — CVSS 7.8 (high): Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which…
CVE-2008-6827 — CVSS 7.8 (high): The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to…
CVE-2008-2286 — CVSS 7.5 (high): SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers…
CVE-2008-2291 — CVSS 7.5 (high): axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any…
CVE-2007-4380 — CVSS 7.2 (high): Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log…
CVE-2007-5838 — CVSS 7.2 (high): Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable…
CVE-2008-1473 — CVSS 7.2 (high): The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges…
CVE-2008-2287 — CVSS 7.2 (high): Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow…
CVE-2008-2289 — CVSS 7.2 (high): Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to…
CVE-2008-2290 — CVSS 7.2 (high): Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local…
CVE-2009-3108 — CVSS 7.2 (high): The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure…
CVE-2007-5555 — CVSS 6.9 (medium): Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown…
CVE-2009-3028 — CVSS 6.8 (medium): The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x…
CVE-2010-0109 — CVSS 6.5 (medium): DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a…
CVE-2009-3110 — CVSS 5.8 (medium): Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote…
CVE-2009-3107 — CVSS 4.8 (medium): Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the…
CVE-2008-2288 — CVSS 3.6 (low): Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of…
CVE-2008-1754 — CVSS 1.7 (low): Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory…