Antivirus Scan Engine Security Vulnerabilities and Issues — Antivirus Scan Engine CVE List

Lucene search

SymantecAntivirus Scan Engine

10 matches found

CVE•added 2007/10/05 9:17 p.m.•58 views

CVE-2007-3699

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

9.3CVSS6.2AI score0.02382EPSS

CVE•added 2005/10/05 7:2 p.m.•55 views

CVE-2005-2758

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

10CVSS7.7AI score0.22572EPSS

CVE•added 2005/02/08 5:0 a.m.•50 views

CVE-2005-0249

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

7.5CVSS8AI score0.10603EPSS

CVE•added 2007/10/05 9:17 p.m.•50 views

CVE-2007-0447

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.

9.3CVSS7.7AI score0.10844EPSS

CVE•added 2006/04/25 1:2 a.m.•48 views

CVE-2006-0231

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

6.4CVSS6.7AI score0.00689EPSS

CVE•added 2005/10/14 10:2 a.m.•44 views

CVE-2005-3217

Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even ...

5.1CVSS7AI score0.00377EPSS

CVE•added 2006/04/25 1:2 a.m.•42 views

CVE-2006-0232

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

5CVSS6.4AI score0.00879EPSS

CVE•added 2006/04/25 1:2 a.m.•40 views

CVE-2006-0230

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

10CVSS6.9AI score0.28158EPSS

CVE•added 2004/04/15 4:0 a.m.•38 views

CVE-2004-0217

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

7CVSS6.7AI score0.00134EPSS

CVE•added 2005/05/02 4:0 a.m.•38 views

CVE-2005-1346

Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote atta...

2.6CVSS7AI score0.00705EPSS