Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1608 1 Symantec 1 Netbackup Appliance 2024-11-21 6.7 MEDIUM N/A
Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6533 2 Microsoft, Symantec 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more 2024-11-21 4.4 MEDIUM N/A
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
CVE-2012-6277 3 Hp, Ibm, Symantec 7 Autonomy Keyview Idol, Domino, Notes and 4 more 2024-11-21 9.3 HIGH 7.8 HIGH
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
CVE-2012-4953 1 Symantec 3 Antivirus, Endpoint Protection, Scan Engine 2024-11-21 9.3 HIGH N/A
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.
CVE-2012-4351 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-11-21 6.9 MEDIUM N/A
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
CVE-2012-4350 1 Symantec 1 Enterprise Security Manager 2024-11-21 7.2 HIGH N/A
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors.
CVE-2012-4349 1 Symantec 1 Network Access Control 2024-11-21 7.2 HIGH N/A
Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors.
CVE-2012-4348 1 Symantec 1 Endpoint Protection 2024-11-21 7.2 HIGH N/A
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2012-4347 1 Symantec 1 Messaging Gateway 2024-11-21 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
CVE-2012-4178 1 Symantec 1 Web Gateway 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
CVE-2012-3582 1 Symantec 1 Pgp Universal Server 2024-11-21 2.9 LOW N/A
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session.
CVE-2012-3581 1 Symantec 1 Messaging Gateway 2024-11-21 3.3 LOW N/A
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
CVE-2012-3580 1 Symantec 1 Messaging Gateway 2024-11-21 7.7 HIGH N/A
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
CVE-2012-3579 1 Symantec 1 Messaging Gateway 2024-11-21 7.9 HIGH N/A
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
CVE-2012-2977 1 Symantec 1 Web Gateway 2024-11-21 5.0 MEDIUM N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
CVE-2012-2976 1 Symantec 1 Web Gateway 2024-11-21 10.0 HIGH N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue.
CVE-2012-2961 1 Symantec 1 Web Gateway 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2957 1 Symantec 1 Web Gateway 2024-11-21 7.2 HIGH N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
CVE-2012-2953 1 Symantec 1 Web Gateway 2024-11-21 10.0 HIGH N/A
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
CVE-2012-2574 1 Symantec 1 Web Gateway 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.