VYPR

Vendor CVEs

Symantec

All CVEs

788 total · sorted by risk
  • CVE-2017-6327 · High · KEV · Aug 11, 2017
    risk 0.75 · cvss 8.8 · epss 0.35

    The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…

  • CVE-2017-6326 · Critical · Jun 26, 2017
    risk 0.74 · cvss 10.0 · epss 0.73

    The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

  • CVE-2017-8895 · Critical · May 10, 2017
    risk 0.72 · cvss 9.8 · epss 0.71

    In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this…

  • CVE-2016-3645 · Critical · Jun 30, 2016
    risk 0.69 · cvss 9.8 · epss 0.25

    Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec…

  • CVE-2017-6403 · Critical · Mar 2, 2017
    risk 0.66 · cvss 9.8 · epss 0.27

    An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.

  • CVE-2025-57602 · Critical · Sep 22, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT…

  • CVE-2025-52352 · Critical · Aug 21, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing…

  • CVE-2025-27816 · Critical · Mar 7, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability is present in the Windows Plugin_Host service, which runs on all the…

  • CVE-2022-4422 · Critical · Jan 10, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated SQL injection vulnerability. This has been fixed in version 3.0.

  • CVE-2018-12242 · Critical · Sep 19, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

  • CVE-2018-5241 · Critical · May 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When…

  • CVE-2017-15531 · Critical · Jan 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

  • CVE-2015-4523 · Critical · Sep 11, 2017
    risk 0.64 · cvss 9.3 · epss 0.04

    Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute…

  • CVE-2017-8859 · Critical · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

  • CVE-2017-8858 · Critical · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

  • CVE-2017-8857 · Critical · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

  • CVE-2017-8856 · Critical · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

  • CVE-2017-6409 · Critical · Mar 2, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.

  • CVE-2016-7399 · Critical · Jan 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.

  • CVE-2016-2208 · Critical · May 19, 2016
    risk 0.64 · cvss 9.1 · epss 0.19

    The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

  • CVE-2015-6552 · Critical · May 7, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2…

  • CVE-2015-6550 · Critical · May 7, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary…

  • CVE-2013-5017 · Critical · Jun 18, 2014
    risk 0.64 · cvss 9.8 · epss 0.07

    SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2001-1125 · Critical · Oct 5, 2001
    risk 0.64 · cvss 9.8 · epss 0.02

    Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

  • CVE-2017-6328 · High · Aug 11, 2017
    risk 0.60 · cvss 8.8 · epss 0.02

    The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user…

  • CVE-2016-3646 · High · Jun 30, 2016
    risk 0.59 · cvss 8.4 · epss 0.18

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-3644 · High · Jun 30, 2016
    risk 0.59 · cvss 8.4 · epss 0.18

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-2207 · High · Jun 30, 2016
    risk 0.59 · cvss 8.4 · epss 0.18

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2015-8151 · Critical · Feb 18, 2016
    risk 0.59 · cvss 9.1 · epss 0.02

    Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.

  • CVE-2025-30248 · High · Jan 26, 2026
    risk 0.58 · cvss · epss 0.01

    DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.

  • CVE-2016-5313 · High · Apr 12, 2017
    risk 0.58 · cvss 8.8 · epss 0.05

    Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.

  • CVE-2015-8154 · High · Mar 18, 2016
    risk 0.58 · cvss 8.8 · epss 0.05

    The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."

  • CVE-2025-52351 · High · Aug 21, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in…

  • CVE-2018-12243 · High · Sep 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI…

  • CVE-2018-5237 · High · Jun 20, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

  • CVE-2016-9092 · High · May 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the…

  • CVE-2017-6407 · High · Mar 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

  • CVE-2017-6406 · High · Mar 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.

  • CVE-2017-6400 · High · Mar 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).

  • CVE-2017-6399 · High · Mar 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

  • CVE-2016-3650 · High · Jun 30, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.

  • CVE-2016-3648 · High · Jun 30, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the…

  • CVE-2015-8157 · High · Jun 8, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP)…

  • CVE-2015-8153 · High · Mar 18, 2016
    risk 0.57 · cvss 8.8 · epss 0.03

    SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2018-5234 · High · Apr 30, 2018
    risk 0.56 · cvss 8.0 · epss 0.17

    The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.

  • CVE-2024-35204 · High · May 14, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.

  • CVE-2016-3653 · High · Jun 30, 2016
    risk 0.55 · cvss 8.0 · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.

  • CVE-2016-2211 · High · Jun 30, 2016
    risk 0.55 · cvss 7.8 · epss 0.53

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-2203 · High · Apr 22, 2016
    risk 0.54 · cvss 7.8 · epss 0.07

    The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

  • CVE-2016-2204 · High · Apr 22, 2016
    risk 0.53 · cvss 8.2 · epss 0.01

    The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
