Filtered by vendor Symantec
Subscribe
Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13675 | 1 Symantec | 1 Endpoint Encryption | 2019-10-02 | 2.3 LOW | 4.2 MEDIUM |
| A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2018-12238 | 1 Symantec | 3 Endpoint Protection, Endpoint Protection Cloud, Norton Antivirus | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. | |||||
| CVE-2017-6326 | 1 Symantec | 1 Messaging Gateway | 2019-10-02 | 10.0 HIGH | 10.0 CRITICAL |
| The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | |||||
| CVE-2017-6327 | 1 Symantec | 1 Message Gateway | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. | |||||
| CVE-2017-13674 | 1 Symantec | 1 Proxyclient | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | |||||
| CVE-2018-5240 | 1 Symantec | 1 Inventory | 2019-10-02 | 5.2 MEDIUM | 8.0 HIGH |
| The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | |||||
| CVE-2018-5234 | 1 Symantec | 2 Norton Core, Norton Core Firmware | 2019-10-02 | 8.3 HIGH | 8.0 HIGH |
| The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. | |||||
| CVE-2018-12239 | 1 Symantec | 3 Endpoint Protection, Endpoint Protection Cloud, Norton Antivirus | 2019-10-02 | 4.6 MEDIUM | 6.8 MEDIUM |
| Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. | |||||
| CVE-2018-18363 | 1 Symantec | 1 Norton App Lock | 2019-10-02 | 7.2 HIGH | 6.2 MEDIUM |
| Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | |||||
| CVE-2009-1431 | 1 Symantec | 5 Antivirus, Antivirus Central Quarantine Server, Client Security and 2 more | 2019-09-20 | 9.3 HIGH | N/A |
| XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service. | |||||
| CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2019-09-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | |||||
| CVE-2019-12754 | 1 Symantec | 1 Vip | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
| Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2009-1432 | 1 Symantec | 3 Antivirus, Client Security, Endpoint Protection | 2019-07-26 | 5.0 MEDIUM | N/A |
| Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled. | |||||
| CVE-2019-9701 | 1 Symantec | 1 Data Loss Prevention | 2019-07-03 | 3.5 LOW | 4.8 MEDIUM |
| DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. | |||||
| CVE-2016-2203 | 1 Symantec | 1 Messaging Gateway | 2019-06-25 | 2.1 LOW | 7.8 HIGH |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | |||||
| CVE-2018-18367 | 1 Symantec | 1 Endpoint Protection Manager | 2019-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | |||||
| CVE-2018-18369 | 1 Symantec | 4 Endpoint Protection, Endpoint Protection Cloud, Endpoint Protection Cloud Agent and 1 more | 2019-05-02 | 6.8 MEDIUM | 7.8 HIGH |
| Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | |||||
| CVE-2019-9696 | 1 Symantec | 1 Vip Enterprise Gateway | 2019-04-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2014-7286 | 2 Microsoft, Symantec | 3 Windows Server 2003, Windows Xp, Deployment Solution | 2019-02-26 | 7.2 HIGH | N/A |
| Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2018-18364 | 1 Symantec | 1 Ghost Solution Suite | 2019-02-13 | 6.0 MEDIUM | 7.3 HIGH |
| Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application. | |||||