Filtered by vendor Symantec
Subscribe
Total
573 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5168 | 2 Microsoft, Symantec | 2 Windows Xp, Norton Internet Security 2010 | 2024-04-11 | 6.2 MEDIUM | N/A |
| Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2006-6308 | 1 Symantec | 1 Livestate Agent For Windows | 2024-04-11 | 4.3 MEDIUM | N/A |
| Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability | |||||
| CVE-2006-4562 | 1 Symantec | 1 Gateway Security | 2024-04-11 | 5.0 MEDIUM | N/A |
| The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface | |||||
| CVE-2002-1777 | 1 Symantec | 1 Norton Antivirus | 2024-04-11 | 7.5 HIGH | N/A |
| NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed | |||||
| CVE-2002-1776 | 1 Symantec | 1 Norton Antivirus | 2024-04-11 | 7.5 HIGH | N/A |
| NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed | |||||
| CVE-2002-1775 | 1 Symantec | 1 Norton Antivirus | 2024-04-11 | 7.5 HIGH | N/A |
| NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed | |||||
| CVE-2002-1774 | 1 Symantec | 1 Norton Antivirus | 2024-04-11 | 7.5 HIGH | N/A |
| NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed | |||||
| CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2024-02-15 | 5.0 MEDIUM | N/A |
| The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | |||||
| CVE-2008-6827 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | |||||
| CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-14 | 4.3 MEDIUM | 7.8 HIGH |
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | |||||
| CVE-2009-1517 | 1 Symantec | 1 Norton Ghost | 2024-02-14 | 4.3 MEDIUM | N/A |
| Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods. | |||||
| CVE-2009-3107 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-13 | 4.8 MEDIUM | N/A |
| Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2002-0485 | 1 Symantec | 1 Norton Antivirus | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | |||||
| CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2024-01-26 | 3.7 LOW | 7.0 HIGH |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | |||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
| CVE-2023-23958 | 1 Symantec | 1 Protection Engine | 2023-12-10 | N/A | 6.5 MEDIUM |
| Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | |||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2023-12-10 | N/A | 5.4 MEDIUM |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | |||||
| CVE-2022-25630 | 1 Symantec | 1 Messaging Gateway | 2023-12-10 | N/A | 5.4 MEDIUM |
| An authenticated user can embed malicious content with XSS into the admin group policy page. | |||||
| CVE-2022-25629 | 1 Symantec | 1 Messaging Gateway | 2023-12-10 | N/A | 5.4 MEDIUM |
| An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | |||||