Filtered by vendor Symantec
Subscribe
Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2017-12-04 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2017-15526 | 1 Symantec | 1 Endpoint Encryption | 2017-11-29 | 5.2 MEDIUM | 6.8 MEDIUM |
| Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. | |||||
| CVE-2013-4674 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2017-11-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment. | |||||
| CVE-2013-4673 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2017-11-17 | 5.8 MEDIUM | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt. | |||||
| CVE-2004-1029 | 5 Conectiva, Gentoo, Hp and 2 more | 8 Linux, Linux, Hp-ux and 5 more | 2017-10-10 | 9.3 HIGH | N/A |
| The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | |||||
| CVE-2002-0302 | 1 Symantec | 1 Enterprise Firewall | 2017-10-09 | 5.0 MEDIUM | N/A |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||||
| CVE-2002-1463 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2017-10-09 | 7.5 HIGH | N/A |
| Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. | |||||
| CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2017-10-09 | 7.5 HIGH | N/A |
| Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
| CVE-2000-0478 | 1 Symantec | 1 Norton Antivirus | 2017-10-09 | 5.0 MEDIUM | N/A |
| In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. | |||||
| CVE-2000-0477 | 1 Symantec | 1 Norton Antivirus | 2017-10-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. | |||||
| CVE-2001-0549 | 1 Symantec | 1 Liveupdate | 2017-10-09 | 4.6 MEDIUM | N/A |
| Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. | |||||
| CVE-2000-1007 | 1 Symantec | 1 I-gear | 2017-10-09 | 5.0 MEDIUM | N/A |
| I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. | |||||
| CVE-2009-1517 | 1 Symantec | 1 Norton Ghost | 2017-09-28 | 4.3 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. | |||||
| CVE-2007-6016 | 1 Symantec | 1 Backup Exec For Windows Server | 2017-09-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. | |||||
| CVE-2014-9227 | 1 Symantec | 1 Endpoint Protection | 2017-09-22 | 4.4 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2017-09-22 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | |||||
| CVE-2014-9228 | 1 Symantec | 1 Endpoint Protection | 2017-09-22 | 4.9 MEDIUM | N/A |
| sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. | |||||
| CVE-2014-9230 | 1 Symantec | 1 Data Loss Prevention | 2017-09-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1485 | 1 Symantec | 1 Data Loss Prevention | 2017-09-21 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-1486 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-20 | 7.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | |||||