Symantec

All CVEs

788 total · sorted by risk
  • CVE-2018-5240 · High · Jul 25, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower…

  • CVE-2016-3651 · High · Jun 30, 2016
    risk 0.52 · cvss 8.0 · epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.

  • CVE-2016-2209 · High · Jun 30, 2016
    risk 0.52 · cvss 7.3 · epss 0.21

    Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint…

  • CVE-2015-8798 · High · Jun 8, 2016
    risk 0.52 · cvss 8.0 · epss 0.03

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection…

  • CVE-2015-8152 · High · Mar 18, 2016
    risk 0.52 · cvss 8.0 · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.

  • CVE-2005-0772 · High · Jun 28, 2005
    risk 0.52 · cvss 7.5 · epss 0.36

    VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status"…

  • CVE-2016-20061 · High · Apr 4, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or…

  • CVE-2026-3991 · High · Mar 30, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software…

  • CVE-2019-25269 · High · Feb 5, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory…

  • CVE-2020-37045 · High · Feb 1, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject…

  • CVE-2018-5238 · High · Aug 22, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.…

  • CVE-2016-9094 · High · Apr 16, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential…

  • CVE-2017-13681 · High · Nov 6, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this…

  • CVE-2017-13674 · High · Sep 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem…

  • CVE-2017-6329 · High · Aug 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is…

  • CVE-2016-9100 · High · May 11, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the…

  • CVE-2017-7444 · High · Apr 5, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.

  • CVE-2017-6401 · High · Mar 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.

  • CVE-2016-2210 · High · Jun 30, 2016
    risk 0.51 · cvss 7.3 · epss 0.11

    Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint…

  • CVE-2015-8156 · High · May 14, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

  • CVE-2015-8150 · High · Feb 18, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.

  • CVE-2013-1609 · High · Mar 26, 2013
    risk 0.51 · cvss 7.8 · epss 0.00

    Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.

  • CVE-2008-6828 · High · Jun 8, 2009
    risk 0.51 · cvss 7.8 · epss 0.00

    Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

  • CVE-2008-6827 · High · Jun 8, 2009
    risk 0.51 · cvss 7.8 · epss 0.01

    The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite…

  • CVE-2016-5312 · Medium · Apr 14, 2017
    risk 0.50 · cvss 6.5 · epss 0.54

    Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.

  • CVE-2016-3647 · High · Jun 30, 2016
    risk 0.50 · cvss 7.7 · epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.

  • CVE-2015-8799 · High · Jun 8, 2016
    risk 0.50 · cvss 7.6 · epss 0.06

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection…

  • CVE-2004-0079 · High · Nov 23, 2004
    risk 0.50 · cvss 7.5 · epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2024-27359 · High · Feb 26, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements…

  • CVE-2018-5243 · High · Aug 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its…

  • CVE-2017-13677 · High · Apr 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.

  • CVE-2017-6331 · High · Nov 6, 2017
    risk 0.49 · cvss 7.1 · epss 0.02

    Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.

  • CVE-2017-6405 · High · Mar 2, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.

  • CVE-2015-8149 · High · Feb 18, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.

  • CVE-2015-8148 · High · Feb 18, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.

  • CVE-2002-0485 · High · Aug 12, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.

  • CVE-2016-10258 · Medium · Apr 11, 2018
    risk 0.48 · cvss 6.8 · epss 0.05

    Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and…

  • CVE-2017-6324 · High · Jun 26, 2017
    risk 0.48 · cvss 7.3 · epss 0.01

    The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm…

  • CVE-2016-5304 · Medium · Jun 30, 2016
    risk 0.48 · cvss 6.8 · epss 0.04

    Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2015-8800 · High · Jun 8, 2016
    risk 0.48 · cvss 7.3 · epss 0.01

    Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced…

  • CVE-2016-9097 · High · May 11, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator…

  • CVE-2016-9093 · High · Apr 16, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk…

  • CVE-2017-13676 · High · Sep 28, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will…

  • CVE-2017-6408 · High · Mar 2, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.

  • CVE-2004-0217 · High · Apr 15, 2004
    risk 0.46 · cvss 7.0 · epss 0.00

    The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

  • CVE-2025-13918 · Medium · Jan 28, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to…

  • CVE-2024-34404 · Medium · May 3, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a…

  • CVE-2017-15534 · Medium · Mar 26, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access.

  • CVE-2017-15527 · Medium · Nov 20, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing…

  • CVE-2017-15526 · Medium · Nov 13, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.

Page 2 of 16