Vendor CVEs
Symantec
All CVEs
788 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-2317 | 0.00 | — | 0.02 | Dec 31, 2002 | Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. | |||
| CVE-2002-2397 | 0.00 | — | 0.02 | Dec 31, 2002 | Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | |||
| CVE-2002-1774 | 0.00 | — | 0.03 | Dec 31, 2002 | NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the… | |||
| CVE-2002-1937 | 0.00 | — | 0.01 | Dec 31, 2002 | Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the… | |||
| CVE-2002-2294 | 0.00 | — | 0.02 | Dec 31, 2002 | Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed… | |||
| CVE-2002-1775 | 0.00 | — | 0.03 | Dec 31, 2002 | NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue,… | |||
| CVE-2002-1778 | 0.00 | — | 0.02 | Dec 31, 2002 | Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. | |||
| CVE-2002-1817 | 0.00 | — | 0.01 | Dec 31, 2002 | Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors. | |||
| CVE-2002-2206 | 0.00 | — | 0.02 | Dec 31, 2002 | The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | |||
| CVE-2002-1777 | 0.00 | — | 0.03 | Dec 31, 2002 | NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition… | |||
| CVE-2002-1779 | 0.00 | — | 0.01 | Dec 31, 2002 | The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305). | |||
| CVE-2002-1776 | 0.00 | — | 0.03 | Dec 31, 2002 | NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the… | |||
| CVE-2002-0990 | 0.00 | — | 0.02 | Oct 28, 2002 | The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to… | |||
| CVE-2002-1117 | 0.00 | — | 0.02 | Oct 4, 2002 | Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares. | |||
| CVE-2002-0663 | 0.00 | — | 0.03 | Jul 26, 2002 | Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request. | |||
| CVE-2002-0538 | 0.00 | — | 0.02 | Jul 3, 2002 | FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability. | |||
| CVE-2002-0344 | 0.00 | — | 0.03 | Jun 25, 2002 | Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. | |||
| CVE-2002-0345 | 0.00 | — | 0.02 | Jun 25, 2002 | Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges. | |||
| CVE-2002-0309 | 0.00 | — | 0.02 | May 31, 2002 | SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall… | |||
| CVE-2002-0302 | 0.00 | — | 0.01 | May 31, 2002 | The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||
| CVE-2001-1126 | 0.00 | — | 0.03 | Oct 5, 2001 | Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. | |||
| CVE-2001-0645 | 0.00 | — | 0.03 | Sep 20, 2001 | Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password. | |||
| CVE-2001-1099 | 0.00 | — | 0.03 | Sep 7, 2001 | The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | |||
| CVE-2001-0549 | 0.00 | — | 0.00 | Aug 14, 2001 | Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. | |||
| CVE-2001-0599 | 0.00 | — | 0.02 | Aug 2, 2001 | Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638. | |||
| CVE-2001-0598 | 0.00 | — | 0.02 | Aug 2, 2001 | Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled. | |||
| CVE-2001-0483 | 0.00 | — | 0.02 | Jun 18, 2001 | Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. | |||
| CVE-2001-0287 | 0.00 | — | 0.00 | May 3, 2001 | VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. | |||
| CVE-2001-0107 | 0.00 | — | 0.02 | Mar 12, 2001 | Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. | |||
| CVE-2000-1007 | 0.00 | — | 0.01 | Dec 11, 2000 | I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. | |||
| CVE-2000-0793 | 0.00 | — | 0.02 | Oct 20, 2000 | Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. | |||
| CVE-2000-0478 | 0.00 | — | 0.02 | Jun 14, 2000 | In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. | |||
| CVE-2000-0477 | 0.00 | — | 0.03 | Jun 14, 2000 | Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. | |||
| CVE-2000-0273 | 0.00 | — | 0.01 | Apr 9, 2000 | PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. | |||
| CVE-2000-0238 | 0.00 | — | 0.02 | Mar 17, 2000 | Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. | |||
| CVE-1999-1004 | 0.00 | — | 0.02 | Dec 16, 1999 | Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command. | |||
| CVE-1999-1323 | 0.00 | — | 0.00 | Apr 9, 1999 | Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. | |||
| CVE-1999-1380 | 0.00 | — | 0.02 | May 4, 1997 | Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0. |
- CVE-2002-2317Dec 31, 2002risk 0.00cvss —epss 0.02
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
- CVE-2002-2397Dec 31, 2002risk 0.00cvss —epss 0.02
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
- CVE-2002-1774Dec 31, 2002risk 0.00cvss —epss 0.03
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the…
- CVE-2002-1937Dec 31, 2002risk 0.00cvss —epss 0.01
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the…
- CVE-2002-2294Dec 31, 2002risk 0.00cvss —epss 0.02
Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed…
- CVE-2002-1775Dec 31, 2002risk 0.00cvss —epss 0.03
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue,…
- CVE-2002-1778Dec 31, 2002risk 0.00cvss —epss 0.02
Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan.
- CVE-2002-1817Dec 31, 2002risk 0.00cvss —epss 0.01
Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.
- CVE-2002-2206Dec 31, 2002risk 0.00cvss —epss 0.02
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.
- CVE-2002-1777Dec 31, 2002risk 0.00cvss —epss 0.03
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition…
- CVE-2002-1779Dec 31, 2002risk 0.00cvss —epss 0.01
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
- CVE-2002-1776Dec 31, 2002risk 0.00cvss —epss 0.03
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the…
- CVE-2002-0990Oct 28, 2002risk 0.00cvss —epss 0.02
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to…
- CVE-2002-1117Oct 4, 2002risk 0.00cvss —epss 0.02
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
- CVE-2002-0663Jul 26, 2002risk 0.00cvss —epss 0.03
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
- CVE-2002-0538Jul 3, 2002risk 0.00cvss —epss 0.02
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
- CVE-2002-0344Jun 25, 2002risk 0.00cvss —epss 0.03
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.
- CVE-2002-0345Jun 25, 2002risk 0.00cvss —epss 0.02
Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.
- CVE-2002-0309May 31, 2002risk 0.00cvss —epss 0.02
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall…
- CVE-2002-0302May 31, 2002risk 0.00cvss —epss 0.01
The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.
- CVE-2001-1126Oct 5, 2001risk 0.00cvss —epss 0.03
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
- CVE-2001-0645Sep 20, 2001risk 0.00cvss —epss 0.03
Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.
- CVE-2001-1099Sep 7, 2001risk 0.00cvss —epss 0.03
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
- CVE-2001-0549Aug 14, 2001risk 0.00cvss —epss 0.00
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.
- CVE-2001-0599Aug 2, 2001risk 0.00cvss —epss 0.02
Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638.
- CVE-2001-0598Aug 2, 2001risk 0.00cvss —epss 0.02
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.
- CVE-2001-0483Jun 18, 2001risk 0.00cvss —epss 0.02
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
- CVE-2001-0287May 3, 2001risk 0.00cvss —epss 0.00
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
- CVE-2001-0107Mar 12, 2001risk 0.00cvss —epss 0.02
Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.
- CVE-2000-1007Dec 11, 2000risk 0.00cvss —epss 0.01
I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.
- CVE-2000-0793Oct 20, 2000risk 0.00cvss —epss 0.02
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
- CVE-2000-0478Jun 14, 2000risk 0.00cvss —epss 0.02
In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.
- CVE-2000-0477Jun 14, 2000risk 0.00cvss —epss 0.03
Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.
- CVE-2000-0273Apr 9, 2000risk 0.00cvss —epss 0.01
PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.
- CVE-2000-0238Mar 17, 2000risk 0.00cvss —epss 0.02
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
- CVE-1999-1004Dec 16, 1999risk 0.00cvss —epss 0.02
Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
- CVE-1999-1323Apr 9, 1999risk 0.00cvss —epss 0.00
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
- CVE-1999-1380May 4, 1997risk 0.00cvss —epss 0.02
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
Page 16 of 16