Symantec
Products
307- 83 CVEs
- 81 CVEs
- 69 CVEs
- 41 CVEs
- 39 CVEs
- 35 CVEs
- 34 CVEs
- 30 CVEs
- 28 CVEs
- 28 CVEs
- 26 CVEs
- 19 CVEs
- 19 CVEs
- 19 CVEs
- 18 CVEs
- 18 CVEs
- 17 CVEs
- 17 CVEs
- 15 CVEs
- 13 CVEs
- 13 CVEs
- 12 CVEs
- 12 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 11 CVEs
- 10 CVEs
- 10 CVEs
- View all 307 products →
Recent CVEs
788| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6327 | Hig | 0.75 | 8.8 | 0.35 | KEV | Aug 11, 2017 | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after… | |
| CVE-2017-6326 | Cri | 0.74 | 10.0 | 0.73 | Jun 26, 2017 | The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | ||
| CVE-2017-8895 | Cri | 0.72 | 9.8 | 0.71 | May 10, 2017 | In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this… | ||
| CVE-2016-3645 | Cri | 0.69 | 9.8 | 0.25 | Jun 30, 2016 | Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec… | ||
| CVE-2017-6403 | Cri | 0.66 | 9.8 | 0.27 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | ||
| CVE-2025-57602 | Cri | 0.64 | 9.8 | 0.00 | Sep 22, 2025 | Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT… | ||
| CVE-2025-52352 | Cri | 0.64 | 9.8 | 0.01 | Aug 21, 2025 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing… | ||
| CVE-2025-27816 | Cri | 0.64 | 9.8 | 0.01 | Mar 7, 2025 | A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the… | ||
| CVE-2022-4422 | Cri | 0.64 | 9.8 | 0.01 | Jan 10, 2023 | Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0 | ||
| CVE-2018-12242 | Cri | 0.64 | 9.8 | 0.03 | Sep 19, 2018 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | ||
| CVE-2018-5241 | Cri | 0.64 | 9.8 | 0.05 | May 29, 2018 | Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When… | ||
| CVE-2017-15531 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2018 | Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | ||
| CVE-2015-4523 | Cri | 0.64 | 9.3 | 0.04 | Sep 11, 2017 | Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute… | ||
| CVE-2017-8859 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2017 | In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | ||
| CVE-2017-8858 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2017 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | ||
| CVE-2017-8857 | Cri | 0.64 | 9.8 | 0.06 | May 9, 2017 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | ||
| CVE-2017-8856 | Cri | 0.64 | 9.8 | 0.04 | May 9, 2017 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | ||
| CVE-2017-6409 | Cri | 0.64 | 9.8 | 0.01 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | ||
| CVE-2016-7399 | Cri | 0.64 | 9.8 | 0.05 | Jan 4, 2017 | scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | ||
| CVE-2016-2208 | Cri | 0.64 | 9.1 | 0.19 | May 19, 2016 | The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. |
- risk 0.75cvss 8.8epss 0.35
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…
- risk 0.74cvss 10.0epss 0.73
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
- risk 0.72cvss 9.8epss 0.71
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this…
- risk 0.69cvss 9.8epss 0.25
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec…
- risk 0.66cvss 9.8epss 0.27
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
- risk 0.64cvss 9.8epss 0.00
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT…
- risk 0.64cvss 9.8epss 0.01
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing…
- risk 0.64cvss 9.8epss 0.01
A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the…
- risk 0.64cvss 9.8epss 0.01
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0
- risk 0.64cvss 9.8epss 0.03
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
- risk 0.64cvss 9.8epss 0.05
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When…
- risk 0.64cvss 9.8epss 0.02
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
- risk 0.64cvss 9.3epss 0.04
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute…
- risk 0.64cvss 9.8epss 0.03
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
- risk 0.64cvss 9.8epss 0.03
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
- risk 0.64cvss 9.8epss 0.06
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
- risk 0.64cvss 9.8epss 0.04
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
- risk 0.64cvss 9.8epss 0.05
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
- risk 0.64cvss 9.1epss 0.19
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.