Filtered by vendor Symantec
Subscribe
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1425 | 14 Antiy, Avira, Cat and 11 more | 16 Avl Sdk, Antivir, Quick Heal and 13 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2012-0290 | 1 Symantec | 3 Altiris Client Management Suite Pcanywhere Solution, Altiris Deployment Solution Remote Pcanywhere Solution, Pcanywhere | 2025-04-11 | 10.0 HIGH | N/A |
| Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session." | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2012-0296 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1457 | 26 Aladdin, Alwil, Anti-virus and 23 more | 28 Esafe, Avast Antivirus, Vba32 and 25 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2010-5168 | 2 Microsoft, Symantec | 2 Windows Xp, Norton Internet Security 2010 | 2025-04-11 | 6.2 MEDIUM | N/A |
| Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2012-1821 | 2 Microsoft, Symantec | 2 Windows 2003 Server, Endpoint Protection | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. | |||||
| CVE-2012-4348 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 7.2 HIGH | N/A |
| The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-1616 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | 8.3 HIGH | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | |||||
| CVE-2012-1462 | 10 Ahnlab, Aladdin, Avg and 7 more | 10 V3 Internet Security, Esafe, Avg Anti-virus and 7 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. | |||||
| CVE-2012-1456 | 18 Aladdin, Avg, Cat and 15 more | 20 Esafe, Avg Anti-virus, Quick Heal and 17 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2013-5015 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0298 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 6.4 MEDIUM | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. | |||||
| CVE-2012-4953 | 1 Symantec | 3 Antivirus, Endpoint Protection, Scan Engine | 2025-04-11 | 9.3 HIGH | N/A |
| The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. | |||||
| CVE-2012-0291 | 1 Symantec | 4 Altiris Client Management Suite Pcanywhere Solution, Altiris Deployment Solution Remote Pcanywhere Solution, Altiris It Management Suite Pcanywhere Solution and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. | |||||
| CVE-2012-2976 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 10.0 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. | |||||
| CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2025-04-11 | 4.6 MEDIUM | N/A |
| VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | |||||
| CVE-2012-6533 | 2 Microsoft, Symantec | 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more | 2025-04-11 | 4.4 MEDIUM | N/A |
| Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. | |||||
| CVE-2011-0548 | 1 Symantec | 3 Brightmail And Messaging Gateway, Data Loss Prevention, Mail Security | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. | |||||
| CVE-2013-1614 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||