Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3673 1 Symantec 6 Client Security, Norton Antispam, Norton Antivirus and 3 more 2024-11-21 6.9 MEDIUM N/A
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
CVE-2007-3666 1 Symantec 1 Norton Ghost 2024-11-21 7.5 HIGH N/A
Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
CVE-2007-3665 1 Symantec 1 Norton Ghost 2024-11-21 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions.
CVE-2007-3509 1 Symantec 1 Veritas Backup Exec 2024-11-21 7.5 HIGH N/A
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
CVE-2007-3132 1 Symantec 2 Ghost Solutions Suite, Norton Ghost 2024-11-21 5.0 MEDIUM N/A
Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp.
CVE-2007-3095 1 Symantec 3 Client Security, Norton Antivirus, Reporting Server 2024-11-21 9.0 HIGH N/A
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
CVE-2007-3022 1 Symantec 3 Client Security, Norton Antivirus, Reporting Server 2024-11-21 4.3 MEDIUM N/A
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
CVE-2007-3021 1 Symantec 3 Client Security, Norton Antivirus, Reporting Server 2024-11-21 7.5 HIGH N/A
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
CVE-2007-2955 1 Symantec 3 Norton Antivirus, Norton Internet Security, Norton System Works 2024-11-21 6.8 MEDIUM N/A
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
CVE-2007-2950 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2024-11-21 7.2 HIGH N/A
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
CVE-2007-2896 2 Microsoft, Symantec 2 All Windows, Enterprise Security Manager 2024-11-21 4.3 MEDIUM N/A
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
CVE-2007-2619 1 Symantec 1 Pcanywhere 2024-11-21 4.6 MEDIUM N/A
Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
CVE-2007-2514 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.
CVE-2007-2375 1 Symantec 1 Enterprise Security Manager 2024-11-21 10.0 HIGH N/A
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
CVE-2007-2361 1 Symantec 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more 2024-11-21 4.9 MEDIUM N/A
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
CVE-2007-2360 1 Symantec 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more 2024-11-21 6.8 MEDIUM N/A
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
CVE-2007-2359 1 Symantec 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more 2024-11-21 7.2 HIGH N/A
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
CVE-2007-2279 1 Symantec 1 Veritas Storage Foundation 2024-11-21 9.3 HIGH N/A
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
CVE-2007-1793 1 Symantec 8 Antivirus, Client Security, Norton 360 and 5 more 2024-11-21 4.9 MEDIUM N/A
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
CVE-2007-1792 1 Symantec 2 Mail Security, Mail Security 8820 Appliance 2024-11-21 7.8 HIGH N/A
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".