Filtered by vendor Symantec
Subscriptions
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0231 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | ||||
| CVE-2005-4695 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | N/A |
| Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages. | ||||
| CVE-2005-3934 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | N/A |
| Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. | ||||
| CVE-2005-1970 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | N/A |
| Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature. | ||||
| CVE-2005-0923 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2025-04-03 | N/A |
| The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. | ||||
| CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2025-04-03 | N/A |
| The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | ||||
| CVE-2004-1768 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | N/A |
| The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters. | ||||
| CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2025-04-03 | N/A |
| Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2006-2341 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2025-04-03 | N/A |
| The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. | ||||
| CVE-2006-3784 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | N/A |
| Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator. | ||||
| CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | ||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | N/A |
| Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | ||||
| CVE-2006-4266 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | N/A |
| Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this. | ||||
| CVE-2005-3217 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | N/A |
| Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | ||||
| CVE-2023-23958 | 1 Symantec | 1 Protection Engine | 2024-11-21 | 6.8 Medium |
| Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | ||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-11-21 | 5.4 Medium |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | ||||
| CVE-2022-25623 | 1 Symantec | 1 Management Agent | 2024-11-21 | 7.8 High |
| The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | ||||
| CVE-2021-30642 | 1 Symantec | 1 Security Analytics | 2024-11-21 | 9.8 Critical |
| An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | ||||
| CVE-2020-5839 | 1 Symantec | 1 Endpoint Detection And Response | 2024-11-21 | 7.5 High |
| Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | ||||
| CVE-2020-5838 | 1 Symantec | 1 It Analytics | 2024-11-21 | 4.8 Medium |
| Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | ||||