Filtered by vendor Symantec
Subscribe
Search
Total
408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5008 | 1 Symantec | 1 Management Platform | 2013-10-10 | 4.6 MEDIUM | N/A |
| The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key. | |||||
| CVE-2013-4679 | 1 Symantec | 1 Workspace Virtualization | 2013-10-07 | 6.6 MEDIUM | N/A |
| Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system. | |||||
| CVE-2012-0308 | 1 Symantec | 1 Messaging Gateway | 2013-10-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2013-4677 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 4.3 MEDIUM | N/A |
| Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files. | |||||
| CVE-2013-4676 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console. | |||||
| CVE-2013-4575 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 7.9 HIGH | N/A |
| Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-4678 | 1 Symantec | 1 Backup Exec | 2013-08-09 | 2.7 LOW | N/A |
| The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors. | |||||
| CVE-2013-1610 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2013-08-05 | 6.8 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. | |||||
| CVE-2013-1615 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2013-07-08 | 2.9 LOW | N/A |
| The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls. | |||||
| CVE-2013-1613 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2013-07-08 | 4.7 MEDIUM | N/A |
| SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-1614 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2013-07-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2005-3316 | 1 Symantec | 2 Discovery, On Command Discovery | 2013-07-07 | 7.5 HIGH | N/A |
| The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. | |||||
| CVE-2013-1612 | 1 Symantec | 2 Endpoint Protection Center, Endpoint Protection Manager | 2013-06-20 | 7.9 HIGH | N/A |
| Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-1611 | 1 Symantec | 1 Brightmail Gateway | 2013-05-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0304 | 1 Symantec | 1 Liveupdate Administrator | 2013-04-02 | 6.9 MEDIUM | N/A |
| Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2013-1609 | 1 Symantec | 1 Enterprise Vault For File System Archiving | 2013-03-27 | 6.8 MEDIUM | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program. | |||||
| CVE-2013-1608 | 1 Symantec | 1 Netbackup Appliance | 2013-03-26 | 6.7 MEDIUM | N/A |
| Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2012-4350 | 1 Symantec | 1 Enterprise Security Manager | 2013-03-14 | 7.2 HIGH | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-4348 | 1 Symantec | 1 Endpoint Protection | 2013-03-14 | 7.2 HIGH | N/A |
| The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4953 | 1 Symantec | 3 Antivirus, Endpoint Protection, Scan Engine | 2013-03-12 | 9.3 HIGH | N/A |
| The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. | |||||
| CVE-2012-6533 | 2 Microsoft, Symantec | 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more | 2013-02-20 | 4.4 MEDIUM | N/A |
| Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. | |||||
| CVE-2012-4351 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2013-02-18 | 6.9 MEDIUM | N/A |
| Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. | |||||
| CVE-2012-3582 | 1 Symantec | 1 Pgp Universal Server | 2013-02-14 | 2.9 LOW | N/A |
| Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. | |||||
| CVE-2012-0306 | 1 Symantec | 1 Ghost Solutions Suite | 2013-02-14 | 6.8 MEDIUM | N/A |
| Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file. | |||||
| CVE-2011-0553 | 1 Symantec | 1 Im Manager | 2013-02-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-0554 | 1 Symantec | 1 Im Manager | 2013-02-07 | 7.5 HIGH | N/A |
| The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | |||||
| CVE-2011-0552 | 1 Symantec | 1 Im Manager | 2013-02-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp. | |||||
| CVE-2011-0551 | 1 Symantec | 1 Endpoint Protection | 2013-02-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | |||||
| CVE-2011-0548 | 1 Symantec | 3 Brightmail And Messaging Gateway, Data Loss Prevention, Mail Security | 2013-02-07 | 9.3 HIGH | N/A |
| Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. | |||||
| CVE-2010-0131 | 2 Autonomy, Symantec | 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more | 2013-02-07 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr.dll), as used in Autonomy KeyView 10.4 and 10.9, Symantec Mail Security, and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to floating point conversion in unknown record types. | |||||
| CVE-2009-3110 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 5.8 MEDIUM | N/A |
| Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. | |||||
| CVE-2009-3109 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. | |||||
| CVE-2009-3108 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 7.2 HIGH | N/A |
| The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. | |||||
| CVE-2009-3107 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 4.8 MEDIUM | N/A |
| Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. | |||||
| CVE-2009-3037 | 3 Autonomy, Ibm, Symantec | 7 Keyview, Lotus Notes, Brightmail Appliance and 4 more | 2013-02-07 | 9.3 HIGH | N/A |
| Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. | |||||
| CVE-2009-3036 | 1 Symantec | 1 Im Manager | 2013-02-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-3032 | 2 Ibm, Symantec | 6 Lotus Notes, Brightmail Gateway, Data Loss Prevention Detection Servers and 3 more | 2013-02-07 | 10.0 HIGH | N/A |
| Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. | |||||
| CVE-2009-3029 | 1 Symantec | 1 Securityexpressions Audit And Compliance Server | 2013-02-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages. | |||||
| CVE-2009-3028 | 1 Symantec | 3 Altiris Deployment Solution, Altiris Notification Server, Management Platform | 2013-02-07 | 6.8 MEDIUM | N/A |
| The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method. | |||||
| CVE-2012-0305 | 1 Symantec | 2 Backupexec System Recovery, System Recovery | 2013-02-02 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2012-0295 | 1 Symantec | 1 Endpoint Protection | 2013-01-04 | 9.3 HIGH | N/A |
| The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. | |||||
| CVE-2012-1421 | 4 Cat, Norman, Rising-global and 1 more | 4 Quick Heal, Norman Antivirus \& Antispyware, Rising Antivirus and 1 more | 2012-12-20 | 4.3 MEDIUM | N/A |
| The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2012-1461 | 18 Anti-virus, Authentium, Avg and 15 more | 20 Vba32, Command Antivirus, Avg Anti-virus and 17 more | 2012-11-06 | 4.3 MEDIUM | N/A |
| The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. | |||||
| CVE-2012-1443 | 33 Ahnlab, Aladdin, Alwil and 30 more | 35 V3 Internet Security, Esafe, Avast Antivirus and 32 more | 2012-11-06 | 4.3 MEDIUM | N/A |
| The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. | |||||
| CVE-2007-3699 | 1 Symantec | 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more | 2012-10-31 | 9.3 HIGH | N/A |
| The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. | |||||
| CVE-2007-0447 | 1 Symantec | 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more | 2012-10-31 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. | |||||
| CVE-2012-0289 | 1 Symantec | 2 Endpoint Protection, Network Access Control | 2012-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script. | |||||
| CVE-2012-0294 | 1 Symantec | 1 Endpoint Protection | 2012-10-30 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. | |||||
| CVE-2010-5168 | 2 Microsoft, Symantec | 2 Windows Xp, Norton Internet Security 2010 | 2012-08-27 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-3497 | 1 Symantec | 1 Norton Antivirus | 2012-08-22 | 6.4 MEDIUM | N/A |
| Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." | |||||