Symantec

All CVEs

788 total · sorted by risk
  • CVE-2006-1286 · Mar 19, 2006
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database.

  • CVE-2006-1297 · Mar 19, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allows attackers to cause a denial of service (application crash or…

  • CVE-2006-1298 · Mar 19, 2006
    risk 0.00 · cvss · epss 0.02

    Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for…

  • CVE-2006-1284 · Mar 19, 2006
    risk 0.00 · cvss · epss 0.00

    The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.

  • CVE-2006-0166 · Jan 11, 2006
    risk 0.00 · cvss · epss 0.02

    Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 store temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus…

  • CVE-2005-4695 · Dec 31, 2005
    risk 0.00 · cvss · epss 0.03

    Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.

  • CVE-2005-3768 · Nov 23, 2005
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall/VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute…

  • CVE-2005-3316 · Oct 27, 2005
    risk 0.00 · cvss · epss 0.01

    The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.

  • CVE-2005-3270 · Oct 21, 2005
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.

  • CVE-2005-2759 · Oct 20, 2005
    risk 0.00 · cvss · epss 0.00

    ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in…

  • CVE-2005-3217 · Oct 14, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar…

  • CVE-2005-2996 · Sep 20, 2005
    risk 0.00 · cvss · epss 0.06

    Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls.

  • CVE-2005-2766 · Sep 2, 2005
    risk 0.00 · cvss · epss 0.00

    Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password…

  • CVE-2005-2017 · Aug 30, 2005
    risk 0.00 · cvss · epss 0.02

    Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.

  • CVE-2005-2079 · Aug 2, 2005
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.

  • CVE-2005-2389 · Jul 27, 2005
    risk 0.00 · cvss · epss 0.01

    NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference.

  • CVE-2005-2080 · Jun 29, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.

  • CVE-2005-2051 · Jun 28, 2005
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code.

  • CVE-2005-1970 · Jun 16, 2005
    risk 0.00 · cvss · epss 0.00

    Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.

  • CVE-2005-1867 · Jun 9, 2005
    risk 0.00 · cvss · epss 0.02

    Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.

  • CVE-2005-1131 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.

  • CVE-2005-0923 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network…

  • CVE-2005-0817 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites.

  • CVE-2005-1346 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on…

  • CVE-2005-0618 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before build 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a…

  • CVE-2005-0922 · May 2, 2005
    risk 0.00 · cvss · epss 0.03

    Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.

  • CVE-2004-1473 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd,…

  • CVE-2004-1474 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 use a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration…

  • CVE-2004-1472 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.

  • CVE-2004-2070 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.

  • CVE-2004-1483 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.

  • CVE-2004-2147 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.

  • CVE-2004-2205 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.

  • CVE-2004-0369 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.

  • CVE-2004-2609 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.

  • CVE-2004-2755 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.

  • CVE-2004-2622 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.03

    AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

  • CVE-2004-1768 · Dec 17, 2004
    risk 0.00 · cvss · epss 0.02

    The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters.

  • CVE-2004-0920 · Nov 3, 2004
    risk 0.00 · cvss · epss 0.02

    Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name.

  • CVE-2004-1624 · Oct 21, 2004
    risk 0.00 · cvss · epss 0.00

    Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy…

  • CVE-2004-1694 · Sep 21, 2004
    risk 0.00 · cvss · epss 0.02

    Symantec ON Command CCM 5.4.x and iCommand 3.0.x have four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.

  • CVE-2004-0364 · Apr 15, 2004
    risk 0.00 · cvss · epss 0.04

    The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.

  • CVE-2004-0190 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.01

    Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.

  • CVE-2003-0994 · Feb 3, 2004
    risk 0.00 · cvss · epss 0.00

    The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows…

  • CVE-2003-1451 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.

  • CVE-2003-1361 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.

  • CVE-2003-0936 · Dec 15, 2003
    risk 0.00 · cvss · epss 0.00

    Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.

  • CVE-2003-0106 · Apr 2, 2003
    risk 0.00 · cvss · epss 0.01

    The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.

  • CVE-2002-1535 · Mar 31, 2003
    risk 0.00 · cvss · epss 0.02

    Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.

  • CVE-2002-1540 · Mar 31, 2003
    risk 0.00 · cvss · epss 0.00

    The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
