| CVE-2017-15530 |
low |
3.3 |
3.3 |
|
|
symantec |
9y ago |
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first… |
| CVE-2015-4523 |
critical |
9.3 |
10.0 |
EXP |
|
symantec |
9y ago |
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, caus… |
| CVE-2017-6326 |
critical |
10.0 |
10.0 |
EXP |
|
symantec |
9y ago |
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machi… |
| CVE-2016-3645 |
critical |
9.8 |
10.0 |
EXP |
|
symantec |
10y ago |
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web … |
| CVE-2015-8801 |
low |
2.9 |
2.9 |
|
|
symantec |
10y ago |
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations befo… |
| CVE-2016-2208 |
critical |
9.1 |
10.0 |
EXP |
|
symantec |
10y ago |
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system … |
| CVE-2015-8151 |
critical |
9.1 |
9.1 |
|
|
symantec |
10y ago |
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. |
| CVE-2015-6556 |
low |
— |
2.3 |
|
|
symantec |
11y ago |
EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. |
| CVE-2015-6549 |
low |
— |
3.5 |
|
|
symantec |
11y ago |
Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML … |
| CVE-2014-7288 |
critical |
— |
10.0 |
EXP |
|
symantec |
12y ago |
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-… |
| CVE-2014-9224 |
low |
— |
4.5 |
EXP |
|
broadcomsymantec |
12y ago |
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec … |
| CVE-2014-3440 |
critical |
— |
9.0 |
|
|
broadcomsymantec |
12y ago |
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 a… |
| CVE-2014-1652 |
low |
— |
2.3 |
|
|
symantec |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unsp… |
| CVE-2013-5017 |
critical |
9.8 |
9.8 |
|
|
symantec |
12y ago |
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-1647 |
low |
— |
2.6 |
|
|
symantec |
12y ago |
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of se… |
| CVE-2014-1646 |
low |
— |
2.6 |
|
|
symantec |
12y ago |
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of servi… |
| CVE-2013-4678 |
low |
— |
2.7 |
|
|
symantec |
13y ago |
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified … |
| CVE-2013-1615 |
low |
— |
2.9 |
|
|
symantec |
13y ago |
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspec… |
| CVE-2013-1611 |
low |
— |
3.5 |
|
|
symantec |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitra… |
| CVE-2012-4953 |
critical |
— |
9.3 |
|
|
symantec |
14y ago |
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine… |
| CVE-2012-3582 |
low |
— |
2.9 |
|
|
symantec |
14y ago |
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circ… |
| CVE-2012-3581 |
low |
— |
3.3 |
|
|
symantec |
14y ago |
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. |
| CVE-2012-2976 |
critical |
— |
10.0 |
|
|
symantec |
14y ago |
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" is… |
| CVE-2012-2953 |
critical |
— |
10.0 |
EXP |
|
symantec |
14y ago |
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. |
| CVE-2012-0300 |
low |
— |
3.3 |
|
|
symantec |
14y ago |
Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive vers… |
| CVE-2012-0295 |
critical |
— |
9.3 |
|
|
symantec |
14y ago |
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by le… |
| CVE-2012-0299 |
critical |
— |
10.0 |
EXP |
|
symantec |
14y ago |
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, … |
| CVE-2012-0297 |
critical |
— |
10.0 |
EXP |
|
symantec |
14y ago |
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafte… |
| CVE-2012-0290 |
critical |
— |
10.0 |
|
|
symantec |
15y ago |
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1… |
| CVE-2011-3478 |
critical |
— |
10.0 |
EXP |
|
symantec |
15y ago |
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authent… |
| CVE-2011-0547 |
critical |
— |
10.0 |
|
|
symantec |
15y ago |
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) … |
| CVE-2011-0548 |
critical |
— |
9.3 |
|
|
symantec |
15y ago |
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, a… |
| CVE-2011-0688 |
critical |
— |
9.3 |
|
|
symantec |
16y ago |
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 a… |
| CVE-2010-0111 |
critical |
— |
10.0 |
EXP |
|
symantec |
16y ago |
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x b… |
| CVE-2010-0131 |
critical |
— |
9.3 |
|
|
autonomysymantec |
16y ago |
Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr.dll), as used in Autonomy KeyView 10.4 and 10.9, Symantec Mail Security, and possibly other products, allows remote attackers to… |
| CVE-2008-4389 |
critical |
— |
9.3 |
|
|
symantec |
16y ago |
Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly perform authentication, which allows remote Workspace Streaming servers and man-in-the-middle atta… |
| CVE-2010-2305 |
critical |
— |
10.0 |
EXP |
|
symantec |
16y ago |
Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegStr… |
| CVE-2009-3032 |
critical |
— |
10.0 |
|
|
ibmsymantec |
17y ago |
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and o… |
| CVE-2010-0107 |
critical |
— |
9.3 |
|
|
symantec |
17y ago |
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3… |
| CVE-2010-0108 |
critical |
— |
10.0 |
EXP |
|
symantec |
17y ago |
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Secur… |
| CVE-2010-0106 |
low |
— |
1.9 |
|
|
symantec |
17y ago |
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attacker… |
