Filtered by vendor Symantec
Subscribe
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1644 | 1 Symantec | 1 Liveupdate Administrator | 2014-03-31 | 7.5 HIGH | N/A |
| The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. | |||||
| CVE-2014-1645 | 1 Symantec | 1 Liveupdate Administrator | 2014-03-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5014 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2014-03-26 | 7.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-5012 | 1 Symantec | 1 Web Gateway | 2014-02-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-4672 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 7.2 HIGH | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command. | |||||
| CVE-2013-4671 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-4670 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1617 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 7.4 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-1616 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 8.3 HIGH | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | |||||
| CVE-2012-4349 | 1 Symantec | 1 Network Access Control | 2013-10-11 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-4347 | 1 Symantec | 1 Messaging Gateway | 2013-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. | |||||
| CVE-2012-3581 | 1 Symantec | 1 Messaging Gateway | 2013-10-10 | 3.3 LOW | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | |||||
| CVE-2013-5008 | 1 Symantec | 1 Management Platform | 2013-10-10 | 4.6 MEDIUM | N/A |
| The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key. | |||||
| CVE-2013-4679 | 1 Symantec | 1 Workspace Virtualization | 2013-10-07 | 6.6 MEDIUM | N/A |
| Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system. | |||||
| CVE-2012-0308 | 1 Symantec | 1 Messaging Gateway | 2013-10-03 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2013-4677 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 4.3 MEDIUM | N/A |
| Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files. | |||||
| CVE-2013-4676 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console. | |||||
| CVE-2013-4575 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 7.9 HIGH | N/A |
| Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-4678 | 1 Symantec | 1 Backup Exec | 2013-08-09 | 2.7 LOW | N/A |
| The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors. | |||||
| CVE-2013-1610 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2013-08-05 | 6.8 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. | |||||