Filtered by vendor Symantec
Subscriptions
Total
574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5017 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2015-1486 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | ||||
| CVE-2015-5690 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." | ||||
| CVE-2015-6549 | 1 Symantec | 1 Netbackup Opscenter | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-1651 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2025-04-12 | N/A |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | ||||
| CVE-2015-8149 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | N/A |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests. | ||||
| CVE-2015-1484 | 1 Symantec | 1 Workspace Streaming | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | ||||
| CVE-2014-7286 | 2 Microsoft, Symantec | 3 Windows Server 2003, Windows Xp, Deployment Solution | 2025-04-12 | N/A |
| Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | ||||
| CVE-2015-8150 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | N/A |
| Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. | ||||
| CVE-2015-8801 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | ||||
| CVE-2015-8156 | 1 Symantec | 1 Endpoint Encryption | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | ||||
| CVE-2016-3644 | 1 Symantec | 18 Advanced Threat Protection, Csapi, Data Center Security Server and 15 more | 2025-04-12 | N/A |
| The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message. | ||||
| CVE-2014-3433 | 1 Symantec | 1 Data Insight | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. | ||||
| CVE-2016-3653 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. | ||||
| CVE-2014-9230 | 1 Symantec | 1 Data Loss Prevention | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-3440 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | N/A |
| The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | ||||
| CVE-2016-3651 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. | ||||
| CVE-2014-3432 | 1 Symantec | 1 Data Insight | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | ||||