Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3432 1 Symantec 1 Data Insight 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
CVE-2014-3431 2 Apple, Symantec 3 Mac Os X, Encryption Desktop, Pgp Desktop 2024-11-21 4.3 MEDIUM N/A
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
CVE-2014-1652 1 Symantec 1 Web Gateway 2024-11-21 2.3 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.
CVE-2014-1651 1 Symantec 1 Web Gateway 2024-11-21 5.8 MEDIUM N/A
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-1650 1 Symantec 1 Web Gateway 2024-11-21 5.2 MEDIUM N/A
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-1649 1 Symantec 1 Workspace Streaming 2024-11-21 7.9 HIGH N/A
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
CVE-2014-1648 1 Symantec 1 Messaging Gateway 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
CVE-2014-1647 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-11-21 2.6 LOW N/A
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-1646 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-11-21 2.6 LOW N/A
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-1645 1 Symantec 1 Liveupdate Administrator 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-1644 1 Symantec 1 Liveupdate Administrator 2024-11-21 7.5 HIGH N/A
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
CVE-2014-1643 1 Symantec 1 Encryption Management Server 2024-11-21 4.0 MEDIUM N/A
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
CVE-2013-5017 1 Symantec 1 Web Gateway 2024-11-21 7.9 HIGH 9.8 CRITICAL
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2013-5015 1 Symantec 2 Endpoint Protection Manager, Protection Center 2024-11-21 6.5 MEDIUM N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5014 1 Symantec 2 Endpoint Protection Manager, Protection Center 2024-11-21 7.5 HIGH N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-5013 1 Symantec 1 Web Gateway 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.
CVE-2013-5012 1 Symantec 1 Web Gateway 2024-11-21 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5011 1 Symantec 1 Endpoint Protection 2024-11-21 7.2 HIGH N/A
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.
CVE-2013-5010 1 Symantec 1 Endpoint Protection 2024-11-21 4.6 MEDIUM N/A
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
CVE-2013-5009 1 Symantec 1 Endpoint Protection 2024-11-21 7.4 HIGH N/A
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.