Vendor CVEs
Symantec
All CVEs
788 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6327 | Hig | 0.75 | 8.8 | 0.35 | KEV | Aug 11, 2017 | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after… | |
| CVE-2017-6326 | Cri | 0.74 | 10.0 | 0.73 | Jun 26, 2017 | The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | ||
| CVE-2017-8895 | Cri | 0.72 | 9.8 | 0.71 | May 10, 2017 | In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this… | ||
| CVE-2016-3645 | Cri | 0.69 | 9.8 | 0.25 | Jun 30, 2016 | Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec… | ||
| CVE-2017-6403 | Cri | 0.66 | 9.8 | 0.27 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | ||
| CVE-2025-57602 | Cri | 0.64 | 9.8 | 0.00 | Sep 22, 2025 | Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT… | ||
| CVE-2025-52352 | Cri | 0.64 | 9.8 | 0.01 | Aug 21, 2025 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing… | ||
| CVE-2025-27816 | Cri | 0.64 | 9.8 | 0.01 | Mar 7, 2025 | A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the… | ||
| CVE-2022-4422 | Cri | 0.64 | 9.8 | 0.01 | Jan 10, 2023 | Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0 | ||
| CVE-2018-12242 | Cri | 0.64 | 9.8 | 0.03 | Sep 19, 2018 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | ||
| CVE-2018-5241 | Cri | 0.64 | 9.8 | 0.05 | May 29, 2018 | Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When… | ||
| CVE-2017-15531 | Cri | 0.64 | 9.8 | 0.02 | Jan 23, 2018 | Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | ||
| CVE-2015-4523 | Cri | 0.64 | 9.3 | 0.04 | Sep 11, 2017 | Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute… | ||
| CVE-2017-8859 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2017 | In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | ||
| CVE-2017-8858 | Cri | 0.64 | 9.8 | 0.03 | May 9, 2017 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | ||
| CVE-2017-8857 | Cri | 0.64 | 9.8 | 0.06 | May 9, 2017 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | ||
| CVE-2017-8856 | Cri | 0.64 | 9.8 | 0.04 | May 9, 2017 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | ||
| CVE-2017-6409 | Cri | 0.64 | 9.8 | 0.01 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | ||
| CVE-2016-7399 | Cri | 0.64 | 9.8 | 0.05 | Jan 4, 2017 | scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | ||
| CVE-2016-2208 | Cri | 0.64 | 9.1 | 0.19 | May 19, 2016 | The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. | ||
| CVE-2015-6552 | Cri | 0.64 | 9.8 | 0.02 | May 7, 2016 | The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2… | ||
| CVE-2015-6550 | Cri | 0.64 | 9.8 | 0.03 | May 7, 2016 | bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary… | ||
| CVE-2013-5017 | Cri | 0.64 | 9.8 | 0.07 | Jun 18, 2014 | SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | ||
| CVE-2001-1125 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2001 | Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | ||
| CVE-2017-6328 | Hig | 0.60 | 8.8 | 0.02 | Aug 11, 2017 | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user… | ||
| CVE-2016-3646 | Hig | 0.59 | 8.4 | 0.18 | Jun 30, 2016 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec… | ||
| CVE-2016-3644 | Hig | 0.59 | 8.4 | 0.18 | Jun 30, 2016 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec… | ||
| CVE-2016-2207 | Hig | 0.59 | 8.4 | 0.18 | Jun 30, 2016 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec… | ||
| CVE-2015-8151 | Cri | 0.59 | 9.1 | 0.02 | Feb 18, 2016 | Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. | ||
| CVE-2025-30248 | Hig | 0.58 | — | 0.01 | Jan 26, 2026 | DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path. | ||
| CVE-2016-5313 | Hig | 0.58 | 8.8 | 0.05 | Apr 12, 2017 | Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | ||
| CVE-2015-8154 | Hig | 0.58 | 8.8 | 0.05 | Mar 18, 2016 | The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | ||
| CVE-2025-52351 | Hig | 0.57 | 8.8 | 0.00 | Aug 21, 2025 | Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in… | ||
| CVE-2018-12243 | Hig | 0.57 | 8.8 | 0.01 | Sep 19, 2018 | The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI… | ||
| CVE-2018-5237 | Hig | 0.57 | 8.8 | 0.02 | Jun 20, 2018 | Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | ||
| CVE-2016-9092 | Hig | 0.57 | 8.8 | 0.01 | May 11, 2017 | The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the… | ||
| CVE-2017-6407 | Hig | 0.57 | 8.8 | 0.01 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | ||
| CVE-2017-6406 | Hig | 0.57 | 8.8 | 0.00 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur. | ||
| CVE-2017-6400 | Hig | 0.57 | 8.8 | 0.00 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). | ||
| CVE-2017-6399 | Hig | 0.57 | 8.8 | 0.01 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | ||
| CVE-2016-3650 | Hig | 0.57 | 8.8 | 0.01 | Jun 30, 2016 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | ||
| CVE-2016-3648 | Hig | 0.57 | 8.8 | 0.02 | Jun 30, 2016 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the… | ||
| CVE-2015-8157 | Hig | 0.57 | 8.8 | 0.02 | Jun 8, 2016 | SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP)… | ||
| CVE-2015-8153 | Hig | 0.57 | 8.8 | 0.03 | Mar 18, 2016 | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2018-5234 | Hig | 0.56 | 8.0 | 0.17 | Apr 30, 2018 | The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. | ||
| CVE-2024-35204 | Hig | 0.55 | 8.4 | 0.00 | May 14, 2024 | Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. | ||
| CVE-2016-3653 | Hig | 0.55 | 8.0 | 0.01 | Jun 30, 2016 | Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. | ||
| CVE-2016-2211 | Hig | 0.55 | 7.8 | 0.53 | Jun 30, 2016 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec… | ||
| CVE-2016-2203 | Hig | 0.54 | 7.8 | 0.07 | Apr 22, 2016 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | ||
| CVE-2016-2204 | Hig | 0.53 | 8.2 | 0.01 | Apr 22, 2016 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. |
- risk 0.75cvss 8.8epss 0.35
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…
- risk 0.74cvss 10.0epss 0.73
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
- risk 0.72cvss 9.8epss 0.71
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this…
- risk 0.69cvss 9.8epss 0.25
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec…
- risk 0.66cvss 9.8epss 0.27
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
- risk 0.64cvss 9.8epss 0.00
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT…
- risk 0.64cvss 9.8epss 0.01
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing…
- risk 0.64cvss 9.8epss 0.01
A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the…
- risk 0.64cvss 9.8epss 0.01
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0
- risk 0.64cvss 9.8epss 0.03
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
- risk 0.64cvss 9.8epss 0.05
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When…
- risk 0.64cvss 9.8epss 0.02
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
- risk 0.64cvss 9.3epss 0.04
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute…
- risk 0.64cvss 9.8epss 0.03
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
- risk 0.64cvss 9.8epss 0.03
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
- risk 0.64cvss 9.8epss 0.06
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
- risk 0.64cvss 9.8epss 0.04
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
- risk 0.64cvss 9.8epss 0.05
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
- risk 0.64cvss 9.1epss 0.19
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
- risk 0.64cvss 9.8epss 0.02
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2…
- risk 0.64cvss 9.8epss 0.03
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary…
- risk 0.64cvss 9.8epss 0.07
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.02
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
- risk 0.60cvss 8.8epss 0.02
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user…
- risk 0.59cvss 8.4epss 0.18
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…
- risk 0.59cvss 8.4epss 0.18
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…
- risk 0.59cvss 8.4epss 0.18
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…
- risk 0.59cvss 9.1epss 0.02
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
- risk 0.58cvss —epss 0.01
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.
- risk 0.58cvss 8.8epss 0.05
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
- risk 0.58cvss 8.8epss 0.05
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
- risk 0.57cvss 8.8epss 0.00
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in…
- risk 0.57cvss 8.8epss 0.01
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI…
- risk 0.57cvss 8.8epss 0.02
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
- risk 0.57cvss 8.8epss 0.01
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
- risk 0.57cvss 8.8epss 0.00
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
- risk 0.57cvss 8.8epss 0.01
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.
- risk 0.57cvss 8.8epss 0.02
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the…
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP)…
- risk 0.57cvss 8.8epss 0.03
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- risk 0.56cvss 8.0epss 0.17
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.
- risk 0.55cvss 8.4epss 0.00
Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.
- risk 0.55cvss 8.0epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
- risk 0.55cvss 7.8epss 0.53
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…
- risk 0.54cvss 7.8epss 0.07
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
- risk 0.53cvss 8.2epss 0.01
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
Page 1 of 16