| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. |
| SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. |
| Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. |
| Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. |
| SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression. |
| ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. |
| The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. |
