Filtered by vendor Symantec
Subscribe
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0345 | 1 Symantec | 1 Norton Ghost | 2016-10-18 | 7.5 HIGH | N/A |
| Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. | |||||
| CVE-2002-0344 | 1 Symantec | 1 Liveupdate | 2016-10-18 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. | |||||
| CVE-2002-0309 | 1 Symantec | 1 Enterprise Firewall | 2016-10-18 | 5.0 MEDIUM | N/A |
| SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. | |||||
| CVE-2000-0119 | 2 Mcafee, Symantec | 2 Virusscan, Norton Antivirus | 2016-10-18 | 7.2 HIGH | N/A |
| The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | |||||
| CVE-1999-1323 | 1 Symantec | 1 Norton Antivirus | 2016-10-18 | 4.6 MEDIUM | N/A |
| Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. | |||||
| CVE-1999-1028 | 1 Symantec | 1 Pcanywhere | 2016-10-18 | 5.0 MEDIUM | N/A |
| Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. | |||||
| CVE-2011-0546 | 1 Symantec | 1 Backup Exec | 2016-08-23 | 6.5 MEDIUM | N/A |
| Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors. | |||||
| CVE-2015-8156 | 1 Symantec | 1 Endpoint Encryption | 2016-05-18 | 7.2 HIGH | 7.8 HIGH |
| Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | |||||
| CVE-2016-2202 | 1 Symantec | 1 Altiris It Management Suite | 2016-04-28 | 2.1 LOW | 5.5 MEDIUM |
| The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | |||||
| CVE-2015-6556 | 1 Symantec | 1 Endpoint Encryption | 2015-12-18 | 2.3 LOW | N/A |
| EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | |||||
| CVE-2015-8113 | 1 Symantec | 1 Endpoint Protection | 2015-11-19 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. | |||||
| CVE-2014-1648 | 1 Symantec | 1 Messaging Gateway | 2015-08-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | |||||
| CVE-2013-5015 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2015-07-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5013 | 1 Symantec | 1 Web Gateway | 2015-07-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors. | |||||
| CVE-2015-1483 | 2 Linux, Symantec | 2 Linux Kernel, Netbackup Opscenter | 2015-03-12 | 7.5 HIGH | N/A |
| Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||||
| CVE-2014-3433 | 1 Symantec | 1 Data Insight | 2014-07-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. | |||||
| CVE-2014-3432 | 1 Symantec | 1 Data Insight | 2014-07-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | |||||
| CVE-2014-1649 | 1 Symantec | 1 Workspace Streaming | 2014-07-24 | 7.9 HIGH | N/A |
| The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||||
| CVE-2014-1647 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2014-04-24 | 2.6 LOW | N/A |
| Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | |||||
| CVE-2014-1646 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2014-04-24 | 2.6 LOW | N/A |
| Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | |||||