Filtered by vendor Symantec
Subscriptions
Total
571 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-09-25 | 5.4 Medium |
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | ||||
CVE-2023-23958 | 1 Symantec | 1 Protection Engine | 2024-09-23 | 6.8 Medium |
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | ||||
CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2024-09-17 | N/A |
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | ||||
CVE-2013-4678 | 1 Symantec | 1 Backup Exec | 2024-09-17 | N/A |
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors. | ||||
CVE-2013-1611 | 1 Symantec | 1 Brightmail Gateway | 2024-09-17 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2017-15527 | 1 Symantec | 1 Management Console | 2024-09-17 | N/A |
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
CVE-2002-1779 | 1 Symantec | 1 Norton Personal Firewall | 2024-09-17 | N/A |
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305). | ||||
CVE-2012-6533 | 2 Microsoft, Symantec | 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more | 2024-09-17 | N/A |
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. | ||||
CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2024-09-17 | N/A |
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | ||||
CVE-2012-0302 | 1 Symantec | 1 Message Filter | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-4679 | 1 Symantec | 1 Workspace Virtualization | 2024-09-17 | N/A |
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system. | ||||
CVE-2012-0301 | 1 Symantec | 1 Message Filter | 2024-09-17 | N/A |
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2012-0303 | 1 Symantec | 1 Message Filter | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | ||||
CVE-2018-5242 | 1 Symantec | 1 Norton App Lock | 2024-09-17 | N/A |
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | ||||
CVE-2018-18363 | 1 Symantec | 1 Norton App Lock | 2024-09-17 | N/A |
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | ||||
CVE-2017-15525 | 1 Symantec | 1 Endpoint Encryption | 2024-09-17 | N/A |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | ||||
CVE-2018-5236 | 1 Symantec | 1 Endpoint Protection | 2024-09-17 | N/A |
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events. | ||||
CVE-2013-1610 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2024-09-17 | N/A |
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. | ||||
CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2024-09-17 | N/A |
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | ||||
CVE-2004-2147 | 1 Symantec | 1 Norton Antivirus | 2024-09-17 | N/A |
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body. |