Symantec

All CVEs

788 total · sorted by risk
  • CVE-2002-2317 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.

  • CVE-2002-2397 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.

  • CVE-2002-1774 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the…

  • CVE-2002-1937 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the…

  • CVE-2002-2294 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed…

  • CVE-2002-1775 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue,…

  • CVE-2002-1778 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan.

  • CVE-2002-1817 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.

  • CVE-2002-2206 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.

  • CVE-2002-1777 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition…

  • CVE-2002-1779 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).

  • CVE-2002-1776 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the…

  • CVE-2002-0990 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to…

  • CVE-2002-1117 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.02

    Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

  • CVE-2002-0663 · Jul 26, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.

  • CVE-2002-0538 · Jul 3, 2002
    risk 0.00 · cvss · epss 0.02

    FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.

  • CVE-2002-0344 · Jun 25, 2002
    risk 0.00 · cvss · epss 0.03

    Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.

  • CVE-2002-0345 · Jun 25, 2002
    risk 0.00 · cvss · epss 0.02

    Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.

  • CVE-2002-0309 · May 31, 2002
    risk 0.00 · cvss · epss 0.02

    SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall…

  • CVE-2002-0302 · May 31, 2002
    risk 0.00 · cvss · epss 0.01

    The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.

  • CVE-2001-1126 · Oct 5, 2001
    risk 0.00 · cvss · epss 0.03

    Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.

  • CVE-2001-0645 · Sep 20, 2001
    risk 0.00 · cvss · epss 0.03

    Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.

  • CVE-2001-1099 · Sep 7, 2001
    risk 0.00 · cvss · epss 0.03

    The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

  • CVE-2001-0549 · Aug 14, 2001
    risk 0.00 · cvss · epss 0.00

    Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.

  • CVE-2001-0599 · Aug 2, 2001
    risk 0.00 · cvss · epss 0.02

    Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638.

  • CVE-2001-0598 · Aug 2, 2001
    risk 0.00 · cvss · epss 0.02

    Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.

  • CVE-2001-0483 · Jun 18, 2001
    risk 0.00 · cvss · epss 0.02

    Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.

  • CVE-2001-0287 · May 3, 2001
    risk 0.00 · cvss · epss 0.00

    VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.

  • CVE-2001-0107 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.02

    Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.

  • CVE-2000-1007 · Dec 11, 2000
    risk 0.00 · cvss · epss 0.01

    I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.

  • CVE-2000-0793 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.02

    Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.

  • CVE-2000-0478 · Jun 14, 2000
    risk 0.00 · cvss · epss 0.02

    In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.

  • CVE-2000-0477 · Jun 14, 2000
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.

  • CVE-2000-0273 · Apr 9, 2000
    risk 0.00 · cvss · epss 0.01

    PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

  • CVE-2000-0238 · Mar 17, 2000
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

  • CVE-1999-1004 · Dec 16, 1999
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

  • CVE-1999-1323 · Apr 9, 1999
    risk 0.00 · cvss · epss 0.00

    Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.

  • CVE-1999-1380 · May 4, 1997
    risk 0.00 · cvss · epss 0.02

    Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
