Filtered by vendor Symantec
Subscriptions
Total
571 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5693 | 1 Symantec | 1 Web Gateway | 2024-08-06 | N/A |
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." | ||||
CVE-2015-5692 | 1 Symantec | 1 Web Gateway | 2024-08-06 | N/A |
admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | ||||
CVE-2015-4523 | 1 Symantec | 2 Malware Analysis Appliance, Malware Analyzer G2 | 2024-08-06 | N/A |
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. | ||||
CVE-2015-4334 | 1 Symantec | 1 Proxysg Firmware | 2024-08-06 | N/A |
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. | ||||
CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2015-1487 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | ||||
CVE-2015-1485 | 1 Symantec | 1 Data Loss Prevention | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. | ||||
CVE-2015-1484 | 1 Symantec | 1 Workspace Streaming | 2024-08-06 | N/A |
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | ||||
CVE-2015-1490 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | ||||
CVE-2015-1483 | 2 Linux, Symantec | 2 Linux Kernel, Netbackup Opscenter | 2024-08-06 | N/A |
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | ||||
CVE-2015-1492 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | ||||
CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
CVE-2015-1486 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | ||||
CVE-2015-1488 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | ||||
CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2024-08-06 | 7.1 High |
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | ||||
CVE-2016-6590 | 1 Symantec | 4 Encryption Desktop, Endpoint Encryption, Ghost Solution Suite and 1 more | 2024-08-06 | 7.8 High |
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | ||||
CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2024-08-06 | 3.7 Low |
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | ||||
CVE-2016-6592 | 1 Symantec | 1 Norton Download Manager | 2024-08-06 | 7.8 High |
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. | ||||
CVE-2016-6593 | 1 Symantec | 1 Vip Access Desktop | 2024-08-06 | 7.8 High |
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | ||||
CVE-2016-6585 | 1 Symantec | 1 Norton Mobile Security | 2024-08-06 | 5.3 Medium |
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. |