Client Security
Sign in to watchby Symantec
CVEs (27)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-3771 | 0.00 | — | 0.00 | Jul 15, 2007 | Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error. | ||
| CVE-2007-3095 | 0.00 | — | 0.01 | Jun 6, 2007 | Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. | ||
| CVE-2007-3022 | 0.00 | — | 0.01 | Jun 5, 2007 | Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | ||
| CVE-2007-3021 | 0.00 | — | 0.01 | Jun 5, 2007 | Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. | ||
| CVE-2006-3455 | 0.00 | — | 0.00 | Oct 23, 2006 | The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. | ||
| CVE-2006-4802 | 0.00 | — | 0.00 | Sep 14, 2006 | Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. | ||
| CVE-2006-3454 | 0.00 | — | 0.00 | Sep 14, 2006 | Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. |
Page 2 of 2