Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Total 571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6554 1 Symantec 1 Endpoint Protection Manager 2024-11-21 7.5 HIGH N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data.
CVE-2015-6549 1 Symantec 1 Netbackup Opscenter 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6548 1 Symantec 1 Web Gateway 2024-11-21 5.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6547 1 Symantec 1 Web Gateway 2024-11-21 8.3 HIGH N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.
CVE-2015-5693 1 Symantec 1 Web Gateway 2024-11-21 7.9 HIGH N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."
CVE-2015-5692 1 Symantec 1 Web Gateway 2024-11-21 7.9 HIGH N/A
admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.
CVE-2015-5691 1 Symantec 1 Web Gateway 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.
CVE-2015-5690 1 Symantec 1 Web Gateway 2024-11-21 8.5 HIGH N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."
CVE-2015-5689 1 Symantec 2 Deployment Solution, Ghost Solutions Suite 2024-11-21 6.8 MEDIUM N/A
ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to execute arbitrary code, cause a denial of service (application crash), or possibly obtain sensitive information via a crafted Ghost image.
CVE-2015-4523 1 Symantec 2 Malware Analysis Appliance, Malware Analyzer G2 2024-11-21 9.0 HIGH 9.3 CRITICAL
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
CVE-2015-4334 1 Symantec 1 Proxysg Firmware 2024-11-21 5.0 MEDIUM N/A
The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication.
CVE-2015-1492 1 Symantec 1 Endpoint Protection Manager 2024-11-21 8.5 HIGH N/A
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
CVE-2015-1491 1 Symantec 1 Endpoint Protection Manager 2024-11-21 6.0 MEDIUM N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1490 1 Symantec 1 Endpoint Protection Manager 2024-11-21 5.5 MEDIUM N/A
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
CVE-2015-1489 1 Symantec 1 Endpoint Protection Manager 2024-11-21 8.5 HIGH N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2015-1488 1 Symantec 1 Endpoint Protection Manager 2024-11-21 4.0 MEDIUM N/A
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
CVE-2015-1487 1 Symantec 1 Endpoint Protection Manager 2024-11-21 5.5 MEDIUM N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
CVE-2015-1486 1 Symantec 1 Endpoint Protection Manager 2024-11-21 7.5 HIGH N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
CVE-2015-1485 1 Symantec 1 Data Loss Prevention 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.
CVE-2015-1484 1 Symantec 1 Workspace Streaming 2024-11-21 6.9 MEDIUM N/A
Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.