Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0297 1 Symantec 1 Web Gateway 2024-02-28 10.0 HIGH N/A
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
CVE-2012-0305 1 Symantec 2 Backupexec System Recovery, System Recovery 2024-02-28 4.4 MEDIUM N/A
Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2012-0295 1 Symantec 1 Endpoint Protection 2024-02-28 9.3 HIGH N/A
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.
CVE-2012-3580 1 Symantec 1 Messaging Gateway 2024-02-28 7.7 HIGH N/A
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
CVE-2012-0289 1 Symantec 2 Endpoint Protection, Network Access Control 2024-02-28 7.2 HIGH N/A
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
CVE-2012-4351 1 Symantec 2 Encryption Desktop, Pgp Desktop 2024-02-28 6.9 MEDIUM N/A
Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application.
CVE-2013-5010 1 Symantec 1 Endpoint Protection 2024-02-28 4.6 MEDIUM N/A
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
CVE-2012-0301 1 Symantec 1 Message Filter 2024-02-28 5.4 MEDIUM N/A
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-1616 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2024-02-28 8.3 HIGH N/A
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
CVE-2012-4350 1 Symantec 1 Enterprise Security Manager 2024-02-28 7.2 HIGH N/A
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors.
CVE-2013-1615 1 Symantec 2 Security Information Manager, Security Information Manager Appliance 2024-02-28 2.9 LOW N/A
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.
CVE-2012-0307 1 Symantec 1 Messaging Gateway 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
CVE-2012-0303 1 Symantec 1 Message Filter 2024-02-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts.
CVE-2013-5009 1 Symantec 1 Endpoint Protection 2024-02-28 7.4 HIGH N/A
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
CVE-2012-1421 4 Cat, Norman, Rising-global and 1 more 4 Quick Heal, Norman Antivirus \& Antispyware, Rising Antivirus and 1 more 2024-02-28 4.3 MEDIUM N/A
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2012-4178 1 Symantec 1 Web Gateway 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
CVE-2012-6533 2 Microsoft, Symantec 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more 2024-02-28 4.4 MEDIUM N/A
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
CVE-2010-3497 1 Symantec 1 Norton Antivirus 2024-02-28 6.4 MEDIUM N/A
Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
CVE-2012-3579 1 Symantec 1 Messaging Gateway 2024-02-28 7.9 HIGH N/A
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
CVE-2013-1612 1 Symantec 2 Endpoint Protection Center, Endpoint Protection Manager 2024-02-28 7.9 HIGH N/A
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.