Filtered by vendor Symantec
Subscriptions
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0113 | 2 Google, Symantec | 2 Android, Mobile Security | 2025-04-11 | N/A |
| The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | ||||
| CVE-2013-4575 | 1 Symantec | 1 Backup Exec | 2025-04-11 | N/A |
| Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-1617 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-4349 | 1 Symantec | 1 Network Access Control | 2025-04-11 | N/A |
| Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2013-1616 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | ||||
| CVE-2013-1615 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2025-04-11 | N/A |
| The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls. | ||||
| CVE-2010-0112 | 1 Symantec | 1 Im Manager | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp. | ||||
| CVE-2013-1613 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2025-04-11 | N/A |
| SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-1612 | 1 Symantec | 2 Endpoint Protection Center, Endpoint Protection Manager | 2025-04-11 | N/A |
| Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-4350 | 1 Symantec | 1 Enterprise Security Manager | 2025-04-11 | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | ||||
| CVE-2013-1611 | 1 Symantec | 1 Brightmail Gateway | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-1608 | 1 Symantec | 1 Netbackup Appliance | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2012-4351 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2025-04-11 | N/A |
| Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application. | ||||
| CVE-2012-4347 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. | ||||
| CVE-2012-4953 | 1 Symantec | 3 Antivirus, Endpoint Protection, Scan Engine | 2025-04-11 | N/A |
| The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. | ||||
| CVE-2011-0548 | 1 Symantec | 3 Brightmail And Messaging Gateway, Data Loss Prevention, Mail Security | 2025-04-11 | N/A |
| Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. | ||||
| CVE-2011-0554 | 1 Symantec | 1 Im Manager | 2025-04-11 | N/A |
| The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | ||||
| CVE-2012-0290 | 1 Symantec | 3 Altiris Client Management Suite Pcanywhere Solution, Altiris Deployment Solution Remote Pcanywhere Solution, Pcanywhere | 2025-04-11 | N/A |
| Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session." | ||||
| CVE-2012-4178 | 1 Symantec | 1 Web Gateway | 2025-04-11 | N/A |
| SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | ||||
| CVE-2012-3582 | 1 Symantec | 1 Pgp Universal Server | 2025-04-11 | N/A |
| Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. | ||||