Filtered by vendor Symantec
Subscribe
Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3022 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2017-07-28 | 4.3 MEDIUM | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | |||||
| CVE-2007-3021 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2017-07-28 | 7.5 HIGH | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. | |||||
| CVE-2007-2359 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2017-07-28 | 7.2 HIGH | N/A |
| Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string. | |||||
| CVE-2007-2361 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2017-07-28 | 4.9 MEDIUM | N/A |
| Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file. | |||||
| CVE-2007-2619 | 1 Symantec | 1 Pcanywhere | 2017-07-28 | 4.6 MEDIUM | N/A |
| Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. | |||||
| CVE-2007-2950 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2017-07-28 | 7.2 HIGH | N/A |
| Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. | |||||
| CVE-2007-3095 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2017-07-28 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. | |||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2017-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | |||||
| CVE-2007-1252 | 1 Symantec | 1 Mail Security | 2017-07-28 | 9.3 HIGH | N/A |
| Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources. | |||||
| CVE-2007-1173 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2017-07-28 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. | |||||
| CVE-2007-1593 | 1 Symantec | 1 Veritas Volume Replicator | 2017-07-28 | 5.0 MEDIUM | N/A |
| The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer. | |||||
| CVE-2003-1451 | 1 Symantec | 1 Norton Antivirus | 2017-07-28 | 6.4 MEDIUM | N/A |
| Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename. | |||||
| CVE-2004-2755 | 1 Symantec | 1 Web Security | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. | |||||
| CVE-2002-2281 | 1 Symantec | 1 Java | 2017-07-28 | 10.0 HIGH | N/A |
| Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler. | |||||
| CVE-2002-2294 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2017-07-28 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd). | |||||
| CVE-2003-1310 | 1 Symantec | 1 Norton Antivirus | 2017-07-28 | 4.6 MEDIUM | N/A |
| The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). | |||||
| CVE-2006-5403 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2017-07-19 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-4902 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2017-07-19 | 10.0 HIGH | N/A |
| The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. | |||||
| CVE-2006-5404 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2017-07-19 | 2.6 LOW | N/A |
| Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2006-5545 | 1 Symantec | 1 Mail Security | 2017-07-19 | 5.0 MEDIUM | N/A |
| Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay. | |||||