Filtered by vendor Symantec
Subscriptions
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1612 | 1 Symantec | 2 Endpoint Protection Center, Endpoint Protection Manager | 2024-09-16 | N/A |
| Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2002-2317 | 1 Symantec | 1 Velociraptor | 2024-09-16 | N/A |
| Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | ||||
| CVE-2013-1614 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2024-09-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-5235 | 1 Symantec | 1 Norton Utilities | 2024-09-16 | N/A |
| Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | ||||
| CVE-2018-12243 | 1 Symantec | 1 Messaging Gateway | 2024-09-16 | N/A |
| The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. | ||||
| CVE-2012-0300 | 1 Symantec | 1 Message Filter | 2024-09-16 | N/A |
| Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. | ||||
| CVE-2013-5008 | 1 Symantec | 1 Management Platform | 2024-09-16 | N/A |
| The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key. | ||||
| CVE-2017-15530 | 1 Symantec | 1 Norton Family | 2024-09-16 | N/A |
| Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. | ||||
| CVE-2017-6331 | 1 Symantec | 1 Endpoint Protection | 2024-09-16 | 7.1 High |
| Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. | ||||
| CVE-2017-15531 | 1 Symantec | 1 Reporter | 2024-09-16 | N/A |
| Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | ||||
| CVE-2008-4388 | 1 Symantec | 1 Appstream Client | 2024-09-16 | N/A |
| The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | ||||
| CVE-2013-1609 | 1 Symantec | 1 Enterprise Vault For File System Archiving | 2024-09-16 | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program. | ||||
| CVE-2018-12242 | 1 Symantec | 1 Messaging Gateway | 2024-09-16 | N/A |
| The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | ||||
| CVE-2012-0296 | 1 Symantec | 1 Web Gateway | 2024-09-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3179 | 1 Symantec | 1 Altiris Deployment Solution | 2024-09-16 | N/A |
| Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2018-5240 | 1 Symantec | 1 Inventory | 2024-09-16 | N/A |
| The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | ||||
| CVE-2017-6329 | 1 Symantec | 1 Vip Access For Desktop | 2024-09-16 | N/A |
| Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. | ||||
| CVE-2017-15534 | 1 Symantec | 1 Norton App Lock | 2024-09-16 | N/A |
| The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. | ||||
| CVE-2017-13680 | 2 Microsoft, Symantec | 2 Windows, Endpoint Protection | 2024-09-16 | N/A |
| Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. | ||||
| CVE-2013-1613 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2024-09-16 | N/A |
| SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||