VYPR
Vendor

Symantec

Products
307
CVEs
788
Across products
761
Status
Private

Products

307
View all 307 products →

Recent CVEs

788
View all 788 CVEs →
  • CVE-2017-6327HigKEVAug 11, 2017
    risk 0.75cvss 8.8epss 0.35

    The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…

  • CVE-2017-6326CriJun 26, 2017
    risk 0.74cvss 10.0epss 0.73

    The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

  • CVE-2017-8895CriMay 10, 2017
    risk 0.72cvss 9.8epss 0.71

    In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this…

  • CVE-2016-3645CriJun 30, 2016
    risk 0.69cvss 9.8epss 0.25

    Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec…

  • CVE-2017-6403CriMar 2, 2017
    risk 0.66cvss 9.8epss 0.27

    An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.

  • CVE-2025-57602CriSep 22, 2025
    risk 0.64cvss 9.8epss 0.00

    Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT…

  • CVE-2025-52352CriAug 21, 2025
    risk 0.64cvss 9.8epss 0.01

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing…

  • CVE-2025-27816CriMar 7, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the…

  • CVE-2022-4422CriJan 10, 2023
    risk 0.64cvss 9.8epss 0.01

    Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0

  • CVE-2018-12242CriSep 19, 2018
    risk 0.64cvss 9.8epss 0.03

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

  • CVE-2018-5241CriMay 29, 2018
    risk 0.64cvss 9.8epss 0.05

    Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When…

  • CVE-2017-15531CriJan 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

  • CVE-2015-4523CriSep 11, 2017
    risk 0.64cvss 9.3epss 0.04

    Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute…

  • CVE-2017-8859CriMay 9, 2017
    risk 0.64cvss 9.8epss 0.03

    In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

  • CVE-2017-8858CriMay 9, 2017
    risk 0.64cvss 9.8epss 0.03

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

  • CVE-2017-8857CriMay 9, 2017
    risk 0.64cvss 9.8epss 0.06

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

  • CVE-2017-8856CriMay 9, 2017
    risk 0.64cvss 9.8epss 0.04

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

  • CVE-2017-6409CriMar 2, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.

  • CVE-2016-7399CriJan 4, 2017
    risk 0.64cvss 9.8epss 0.05

    scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.

  • CVE-2016-2208CriMay 19, 2016
    risk 0.64cvss 9.1epss 0.19

    The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.