Vendor CVEs

Symantec

All CVEs

788 total · sorted by risk
  • CVE-2017-6325 · Med · Jun 26, 2017
    risk 0.43 · cvss 6.6 · epss 0.03

    The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using…

  • CVE-2026-44923 · Med · May 20, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.

  • CVE-2024-46542 · Med · Dec 30, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.

  • CVE-2010-0109 · Med · Feb 19, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.

  • CVE-2017-6330 · Med · Sep 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.

  • CVE-2017-6402 · Med · Mar 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.

  • CVE-2025-2916 · Med · Mar 28, 2025
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may…

  • CVE-2018-5239 · Med · Jul 16, 2018
    risk 0.40 · cvss 6.2 · epss 0.00

    Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.

  • CVE-2018-5242 · Med · Jun 13, 2018
    risk 0.40 · cvss 6.2 · epss 0.00

    Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.

  • CVE-2016-10257 · Med · Jan 10, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console…

  • CVE-2016-10256 · Med · Jan 10, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the…

  • CVE-2017-15529 · Med · Dec 13, 2017
    risk 0.40 · cvss 6.2 · epss 0.00

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting…

  • CVE-2016-9099 · Med · May 11, 2017
    risk 0.40 · cvss 6.1 · epss 0.02

    Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing…

  • CVE-2025-32987 · Med · Apr 15, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher.

  • CVE-2018-5235 · Med · Aug 22, 2018
    risk 0.39 · cvss 6.0 · epss 0.00

    Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is…

  • CVE-2017-15533 · Med · May 17, 2018
    risk 0.39 · cvss 5.9 · epss 0.02

    Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according to the oracle classification used in the ROBOT…

  • CVE-2016-5310 · Med · Apr 14, 2017
    risk 0.39 · cvss 5.5 · epss 0.05

    The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint…

  • CVE-2016-5309 · Med · Apr 14, 2017
    risk 0.39 · cvss 5.5 · epss 0.07

    The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint…

  • CVE-2018-12240 · Med · Aug 29, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.

  • CVE-2017-18268 · Med · May 17, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the…

  • CVE-2016-10259 · Med · Apr 11, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily…

  • CVE-2016-3652 · Med · Jun 30, 2016
    risk 0.38 · cvss 5.4 · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-6551 · Med · May 7, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the…

  • CVE-2017-15532 · Med · Dec 20, 2017
    risk 0.37 · cvss 5.7 · epss 0.01

    Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to…

  • CVE-2017-13683 · Med · Oct 23, 2017
    risk 0.37 · cvss 5.7 · epss 0.00

    In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented…

  • CVE-2017-13682 · Med · Oct 23, 2017
    risk 0.37 · cvss 5.7 · epss 0.00

    In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented…

  • CVE-2016-2206 · Med · Jul 12, 2016
    risk 0.37 · cvss 5.7 · epss 0.01

    The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the…

  • CVE-2016-2205 · Med · Jul 12, 2016
    risk 0.37 · cvss 5.7 · epss 0.02

    Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6…

  • CVE-2011-3477 · Med · Feb 19, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.

  • CVE-2017-13680 · Med · Nov 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1, the Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.

  • CVE-2017-6404 · Med · Mar 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in Veritas NetBackup before 7.7 and NetBackup Appliance before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

  • CVE-2016-5308 · Med · Jul 12, 2016
    risk 0.36 · cvss 5.5 · epss 0.02

    The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.

  • CVE-2016-2202 · Med · Apr 20, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.

  • CVE-2026-44924 · Med · May 20, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    InfoScale VIOM 9.1.3 allows XSS.

  • CVE-2018-5236 · Med · Jun 20, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.

  • CVE-2016-5306 · Med · Jun 30, 2016
    risk 0.35 · cvss 5.3 · epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.

  • CVE-2016-5305 · Med · Jun 30, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.

  • CVE-2025-43704 · Med · Apr 16, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.

  • CVE-2017-13678 · Med · Apr 11, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

  • CVE-2025-13919 · Med · Jan 28, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the…

  • CVE-2017-15525 · Med · Nov 13, 2017
    risk 0.29 · cvss 4.5 · epss 0.00

    Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or…

  • CVE-2016-5307 · Med · Jun 30, 2016
    risk 0.28 · cvss 4.3 · epss 0.03

    Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.

  • CVE-2016-3649 · Med · Jun 30, 2016
    risk 0.28 · cvss 4.3 · epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.

  • CVE-2017-13679 · Med · Oct 10, 2017
    risk 0.27 · cvss 4.2 · epss 0.00

    A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a…

  • CVE-2017-13675 · Med · Oct 10, 2017
    risk 0.27 · cvss 4.2 · epss 0.00

    A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.

  • CVE-2021-27877 · KEV · Mar 1, 2021
    risk 0.24 · cvss · epss 0.65

    An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely…

  • CVE-2021-27878 · KEV · Mar 1, 2021
    risk 0.21 · cvss · epss 0.24

    An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an…

  • CVE-2021-27876 · KEV · Mar 1, 2021
    risk 0.21 · cvss · epss 0.13

    An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an…

  • CVE-2017-15530 · Low · Dec 13, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note…

  • CVE-2015-8801 · Low · Jun 30, 2016
    risk 0.19 · cvss 2.9 · epss 0.00

    Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

Page 3 of 16