Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5693 1 Symantec 1 Web Gateway 2024-02-28 7.9 HIGH N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."
CVE-2015-6555 1 Symantec 1 Endpoint Protection Manager 2024-02-28 8.5 HIGH N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
CVE-2015-4334 1 Symantec 1 Proxysg Firmware 2024-02-28 5.0 MEDIUM N/A
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
CVE-2016-3650 1 Symantec 1 Endpoint Protection Manager 2024-02-28 4.0 MEDIUM 8.8 HIGH
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.
CVE-2015-1490 1 Symantec 1 Endpoint Protection Manager 2024-02-28 5.5 MEDIUM N/A
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
CVE-2014-9230 1 Symantec 1 Data Loss Prevention 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3648 1 Symantec 1 Endpoint Protection Manager 2024-02-28 4.0 MEDIUM 8.8 HIGH
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window.
CVE-2015-6547 1 Symantec 1 Web Gateway 2024-02-28 8.3 HIGH N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.
CVE-2015-8113 1 Symantec 1 Endpoint Protection 2024-02-28 7.2 HIGH N/A
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492.
CVE-2016-5304 1 Symantec 1 Endpoint Protection Manager 2024-02-28 4.9 MEDIUM 6.8 MEDIUM
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-2205 1 Symantec 2 Workspace Streaming, Workspace Virtualization 2024-02-28 6.1 MEDIUM 5.7 MEDIUM
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
CVE-2016-5306 1 Symantec 1 Endpoint Protection Manager 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
CVE-2015-6556 1 Symantec 1 Endpoint Encryption 2024-02-28 2.3 LOW N/A
EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.
CVE-2016-3653 1 Symantec 1 Endpoint Protection Manager 2024-02-28 6.0 MEDIUM 8.0 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.
CVE-2015-6548 1 Symantec 1 Web Gateway 2024-02-28 5.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-9227 1 Symantec 1 Endpoint Protection 2024-02-28 4.4 MEDIUM N/A
Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2016-3644 1 Symantec 18 Advanced Threat Protection, Csapi, Data Center Security Server and 15 more 2024-02-28 10.0 HIGH 8.4 HIGH
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
CVE-2016-3649 1 Symantec 1 Endpoint Protection Manager 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.
CVE-2016-2202 1 Symantec 1 Altiris It Management Suite 2024-02-28 2.1 LOW 5.5 MEDIUM
The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors.
CVE-2015-8801 1 Symantec 1 Endpoint Protection Manager 2024-02-28 3.3 LOW 2.9 LOW
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.