Symantec Security Vulnerabilities

cve

CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that...

7.1 AI Score

0.001 EPSS

2006-12-06 08:28 PM
27

CVE-2002-1774

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is...

7 AI Score

0.003 EPSS

2005-06-21 04:00 AM
25

CVE-2002-1776

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed...

7 AI Score

0.003 EPSS

2005-06-21 04:00 AM
21

CVE-2002-1777

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is...

7 AI Score

0.003 EPSS

2005-06-21 04:00 AM
20

CVE-2002-1775

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the...

7.1 AI Score

0.003 EPSS

2005-06-21 04:00 AM
22

CVE-2006-4562

The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on...

7.1 AI Score

0.003 EPSS

2006-09-06 12:04 AM
25

CVE-2010-5168

Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
25

CVE-2008-6827

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2009-06-08 07:30 PM
22

CVE-2008-6828

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2009-06-08 07:30 PM
20

CVE-2009-1517

Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input.....

8.2 AI Score

0.052 EPSS

2009-05-04 06:30 PM
23

CVE-2009-3107

Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this...

7.2 AI Score

0.002 EPSS

2009-09-08 11:30 PM
24

CVE-2001-1125

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com...

9.8 CVSS

8.1 AI Score

0.017 EPSS

2002-03-15 05:00 AM
23

CVE-2002-0485

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail...

7.5 CVSS

7.2 AI Score

0.003 EPSS

2002-08-12 04:00 AM
22

CVE-2024-23615

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as...

10 CVSS

9.8 AI Score

0.002 EPSS

2024-01-26 12:15 AM
11

CVE-2024-23617

A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code...

9.6 CVSS

8.7 AI Score

0.002 EPSS

2024-01-26 12:15 AM
20

CVE-2024-23614

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as...

10 CVSS

9.8 AI Score

0.002 EPSS

2024-01-26 12:15 AM
12

CVE-2024-23616

A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as...

10 CVSS

9.8 AI Score

0.002 EPSS

2024-01-26 12:15 AM
14

CVE-2024-23613

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as...

10 CVSS

9.8 AI Score

0.002 EPSS

2024-01-26 12:15 AM
11

CVE-2004-0217

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on...

7 CVSS

6.7 AI Score

0.0004 EPSS

2004-04-15 04:00 AM
26

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an...

7.2 AI Score

0.002 EPSS

2004-11-23 05:00 AM
54

CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null...

7.5 CVSS

7.1 AI Score

0.006 EPSS

2004-11-23 05:00 AM
66

CVE-2019-19547

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2020-01-13 04:15 PM
26

CVE-2000-0324

pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by...

7 AI Score

0.015 EPSS

2002-03-09 05:00 AM
23

CVE-2000-0238

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long...

7.2 AI Score

0.037 EPSS

2000-10-13 04:00 AM
27

CVE-1999-0842

Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot)...

7 AI Score

0.007 EPSS

2000-06-02 04:00 AM
33

CVE-2000-0300

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain...

7.1 AI Score

0.008 EPSS

2000-04-26 04:00 AM
29

CVE-1999-1004

Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER...

7.3 AI Score

0.003 EPSS

2000-10-13 04:00 AM
15

CVE-2000-0793

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the...

7 AI Score

0.065 EPSS

2000-10-20 04:00 AM
22

CVE-2023-23958

Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak...

6.8 CVSS

6.3 AI Score

0.0005 EPSS

2023-09-27 03:18 PM
12

CVE-2023-23957

An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal...

5.4 CVSS

5.5 AI Score

0.0005 EPSS

2023-09-19 01:16 PM
18

CVE-2022-25623

The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2022-03-04 05:15 PM
54

CVE-2022-25630

An authenticated user can embed malicious content with XSS into the admin group policy...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-12-09 06:15 PM
35

CVE-2022-25629

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2022-12-09 06:15 PM
39

CVE-2022-37015

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-11-08 10:15 PM
47
4

CVE-2009-3179

Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment....

7.9 AI Score

0.014 EPSS

2022-10-03 04:23 PM
17

CVE-2009-3178

Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Solution 6.9 allows remote attackers to cause a denial of service via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.18, "Symantec Altiris Deployment Solution 6.9 DoS." NOTE: as of...

6.9 AI Score

0.001 EPSS

2022-10-03 04:23 PM
29

CVE-2002-2206

The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost...

6.6 AI Score

0.0004 EPSS

2022-10-03 04:23 PM
20

CVE-2002-2317

Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown...

7 AI Score

0.001 EPSS

2022-10-03 04:23 PM
19

CVE-2002-2397

Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of...

7.2 AI Score

0.578 EPSS

2022-10-03 04:23 PM
24

CVE-2002-2336

Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed...

7 AI Score

0.021 EPSS

2022-10-03 04:23 PM
18

CVE-2002-1937

Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's...

7 AI Score

0.003 EPSS

2022-10-03 04:23 PM
21

CVE-2002-1779

The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2...

6.8 AI Score

0.015 EPSS

2022-10-03 04:23 PM
19

CVE-2005-2389

NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null...

6.8 AI Score

0.001 EPSS

2022-10-03 04:22 PM
23

CVE-2005-2017

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by...

6.5 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
19

CVE-2010-3497

Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that...

8 AI Score

0.004 EPSS

2022-10-03 04:20 PM
22

CVE-2003-1575

VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file...

6.6 AI Score

0.0004 EPSS

2022-10-03 04:15 PM
27

CVE-2012-0303

Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin...

7.8 AI Score

0.001 EPSS

2022-10-03 04:15 PM
22
4

CVE-2012-0296

Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified...

5.7 AI Score

0.242 EPSS

2022-10-03 04:15 PM
104

CVE-2012-0302

Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.7 AI Score

0.004 EPSS

2022-10-03 04:15 PM
21
4

CVE-2012-0300

Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified...

6.3 AI Score

0.001 EPSS

2022-10-03 04:15 PM
21
4

Total number of security vulnerabilities: 620