Filtered by vendor Symantec
Subscribe
Total
571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2758 | 1 Symantec | 2 Antivirus Scan Engine, Antivirus Scan Engine For Network Attached Storage | 2024-11-21 | 10.0 HIGH | N/A |
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | |||||
CVE-2005-2017 | 1 Symantec | 1 Norton Antivirus | 2024-11-20 | 10.0 HIGH | N/A |
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540. | |||||
CVE-2005-1970 | 1 Symantec | 1 Pcanywhere | 2024-11-20 | 7.2 HIGH | N/A |
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature. | |||||
CVE-2005-1867 | 1 Symantec | 1 Brightmail Antispam | 2024-11-20 | 7.5 HIGH | N/A |
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges. | |||||
CVE-2005-1346 | 1 Symantec | 7 Antivirus Scan Engine, Mail Security, Norton Antivirus and 4 more | 2024-11-20 | 2.6 LOW | N/A |
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. | |||||
CVE-2005-0923 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2024-11-20 | 2.1 LOW | N/A |
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. | |||||
CVE-2005-0922 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2024-11-20 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. | |||||
CVE-2005-0817 | 1 Symantec | 4 Enterprise Firewall, Gateway Security 5300, Gateway Security 5400 and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. | |||||
CVE-2005-0618 | 2 Nexland, Symantec | 4 Pro800turbo, Firewall Vpn Appliance 200r, Gateway Security 360 and 1 more | 2024-11-20 | 6.4 MEDIUM | N/A |
The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network. | |||||
CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2024-11-20 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | |||||
CVE-2004-2755 | 1 Symantec | 1 Web Security | 2024-11-20 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. | |||||
CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2024-11-20 | 2.1 LOW | N/A |
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | |||||
CVE-2004-2147 | 1 Symantec | 1 Norton Antivirus | 2024-11-20 | 5.0 MEDIUM | N/A |
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body. | |||||
CVE-2004-1910 | 1 Symantec | 1 Security Check Virus Detection | 2024-11-20 | 5.0 MEDIUM | N/A |
rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged. | |||||
CVE-2004-1768 | 1 Symantec | 1 Brightmail Antispam | 2024-11-20 | 5.0 MEDIUM | N/A |
The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters. | |||||
CVE-2004-1754 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2024-11-20 | 5.0 MEDIUM | N/A |
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. | |||||
CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2024-11-20 | 7.5 HIGH | N/A |
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | |||||
CVE-2004-1483 | 1 Symantec | 1 Clientless Vpn Gateway 4400 | 2024-11-20 | 10.0 HIGH | N/A |
Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. | |||||
CVE-2004-1474 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file. | |||||
CVE-2004-1473 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53. |