Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5013 1 Symantec 1 Web Gateway 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.
CVE-2014-1648 1 Symantec 1 Messaging Gateway 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
CVE-2013-5015 1 Symantec 2 Endpoint Protection Manager, Protection Center 2024-02-28 6.5 MEDIUM N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1484 1 Symantec 1 Workspace Streaming 2024-02-28 6.9 MEDIUM N/A
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
CVE-2014-7287 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2024-02-28 5.0 MEDIUM N/A
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.
CVE-2014-3431 2 Apple, Symantec 3 Mac Os X, Encryption Desktop, Pgp Desktop 2024-02-28 4.3 MEDIUM N/A
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
CVE-2014-3436 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-02-28 5.0 MEDIUM N/A
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
CVE-2013-5017 1 Symantec 1 Web Gateway 2024-02-28 7.9 HIGH 9.8 CRITICAL
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-9226 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2024-02-28 7.2 HIGH N/A
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
CVE-2014-9224 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2024-02-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3438 1 Symantec 1 Endpoint Protection Manager 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7288 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2024-02-28 9.0 HIGH N/A
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
CVE-2014-1651 1 Symantec 1 Web Gateway 2024-02-28 5.8 MEDIUM N/A
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-7289 2 Broadcom, Symantec 2 Symantec Critical System Protection, Data Center Security 2024-02-28 6.5 MEDIUM N/A
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
CVE-2014-1644 1 Symantec 1 Liveupdate Administrator 2024-02-28 7.5 HIGH N/A
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
CVE-2014-1646 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-02-28 2.6 LOW N/A
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2015-1483 2 Linux, Symantec 2 Linux Kernel, Netbackup Opscenter 2024-02-28 7.5 HIGH N/A
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors.
CVE-2014-1647 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-02-28 2.6 LOW N/A
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
CVE-2014-7285 1 Symantec 1 Web Gateway 2024-02-28 6.5 MEDIUM N/A
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
CVE-2014-3439 1 Symantec 1 Endpoint Protection Manager 2024-02-28 6.1 MEDIUM N/A
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.