Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2361 1 Symantec 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more 2024-02-28 4.9 MEDIUM N/A
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
CVE-2007-1792 1 Symantec 2 Mail Security, Mail Security 8820 Appliance 2024-02-28 7.8 HIGH N/A
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".
CVE-2007-3666 1 Symantec 1 Norton Ghost 2024-02-28 7.5 HIGH N/A
Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
CVE-2007-0447 1 Symantec 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more 2024-02-28 9.3 HIGH N/A
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
CVE-2008-0308 1 Symantec 10 Scan Engine, Symantec Antivirus Clearswift, Symantec Antivirus Filtering Domino Mpe and 7 more 2024-02-28 7.1 HIGH N/A
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).
CVE-2007-5047 1 Symantec 1 Norton Internet Security 2024-02-28 7.2 HIGH N/A
Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793.
CVE-2007-2896 2 Microsoft, Symantec 2 All Windows, Enterprise Security Manager 2024-02-28 4.3 MEDIUM N/A
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
CVE-2006-5545 1 Symantec 1 Mail Security 2024-02-28 5.0 MEDIUM N/A
Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay.
CVE-2007-1593 1 Symantec 1 Veritas Volume Replicator 2024-02-28 5.0 MEDIUM N/A
The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.
CVE-2007-3673 1 Symantec 6 Client Security, Norton Antispam, Norton Antivirus and 3 more 2024-02-28 6.9 MEDIUM N/A
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
CVE-2007-2950 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2024-02-28 7.2 HIGH N/A
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
CVE-2006-4802 1 Symantec 2 Client Security, Norton Antivirus 2024-02-28 4.6 MEDIUM N/A
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
CVE-2007-5555 1 Symantec 1 Altiris Deployment Solution 2024-02-28 6.9 MEDIUM N/A
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-0638 1 Symantec 1 Veritas Storage Foundation 2024-02-28 9.3 HIGH N/A
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
CVE-2006-3455 1 Symantec 2 Client Security, Norton Antivirus 2024-02-28 4.3 MEDIUM N/A
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
CVE-2006-5404 1 Symantec 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more 2024-02-28 2.6 LOW N/A
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
CVE-2007-1252 1 Symantec 1 Mail Security 2024-02-28 9.3 HIGH N/A
Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.
CVE-2007-0563 1 Symantec 1 Web Security 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
CVE-2008-0457 1 Symantec 1 Backupexec System Recovery 2024-02-28 10.0 HIGH N/A
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
CVE-2006-4981 1 Symantec 1 Sygate Network Access Control 2024-02-28 4.6 MEDIUM N/A
Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).