Filtered by vendor Symantec
Subscribe
Total
571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3703 | 1 Symantec | 1 Veritas Storage Foundation | 2024-11-21 | 10.0 HIGH | N/A |
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. | |||||
CVE-2008-3248 | 1 Symantec | 1 Veritas File System | 2024-11-21 | 4.6 MEDIUM | N/A |
qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files. | |||||
CVE-2008-2794 | 1 Symantec | 1 Altiris Notification Server | 2024-11-21 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2008-2512 | 1 Symantec | 1 Backupexec System Recovery | 2024-11-21 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2008-2291 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.5 HIGH | N/A |
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | |||||
CVE-2008-2290 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.2 HIGH | N/A |
Unspecified vulnerability in the Agent user interface in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2008-2289 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.2 HIGH | N/A |
Unspecified vulnerability in a tooltip element in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2008-2288 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 3.6 LOW | N/A |
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information. | |||||
CVE-2008-2287 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.2 HIGH | N/A |
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse. | |||||
CVE-2008-2286 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet. | |||||
CVE-2008-1754 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 1.7 LOW | N/A |
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | |||||
CVE-2008-1473 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.2 HIGH | N/A |
The Altiris Client Service (AClient.exe) in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack. | |||||
CVE-2008-0716 | 1 Symantec | 1 Altiris Notification Server | 2024-11-21 | 6.8 MEDIUM | N/A |
The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. | |||||
CVE-2008-0640 | 1 Symantec | 1 Ghost Solutions Suite | 2024-11-21 | 10.0 HIGH | N/A |
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | |||||
CVE-2008-0638 | 1 Symantec | 1 Veritas Storage Foundation | 2024-11-21 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size. | |||||
CVE-2008-0457 | 1 Symantec | 1 Backupexec System Recovery | 2024-11-21 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. | |||||
CVE-2008-0313 | 1 Symantec | 4 Norton 360, Norton Antivirus, Norton Internet Security and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. | |||||
CVE-2008-0312 | 2 Microsoft, Symantec | 5 Windows, Norton 360, Norton Antivirus and 2 more | 2024-11-21 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0309 | 1 Symantec | 10 Scan Engine, Symantec Antivirus Filtering Domino Mpe, Symantec Antivirus Network Attached Storage and 7 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). | |||||
CVE-2008-0308 | 1 Symantec | 10 Scan Engine, Symantec Antivirus Clearswift, Symantec Antivirus Filtering Domino Mpe and 7 more | 2024-11-21 | 7.1 HIGH | N/A |
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). |