Filtered by vendor Symantec
Subscribe
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0478 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
| In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. | |||||
| CVE-2005-1346 | 1 Symantec | 7 Antivirus Scan Engine, Mail Security, Norton Antivirus and 4 more | 2025-04-03 | 2.6 LOW | N/A |
| Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. | |||||
| CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.8 HIGH | N/A |
| The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | |||||
| CVE-2006-0232 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. | |||||
| CVE-2006-0231 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | 6.4 MEDIUM | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | |||||
| CVE-2002-1779 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
| The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305). | |||||
| CVE-2004-0444 | 1 Symantec | 5 Client Firewall, Client Security, Norton Antispam and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components. | |||||
| CVE-2005-1867 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 7.5 HIGH | N/A |
| Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges. | |||||
| CVE-2002-0309 | 1 Symantec | 1 Enterprise Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
| SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. | |||||
| CVE-2004-1474 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file. | |||||
| CVE-2006-0522 | 1 Symantec | 1 Sygate Management Server | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL. | |||||
| CVE-2002-1778 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
| Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. | |||||
| CVE-2006-0230 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | 10.0 HIGH | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests. | |||||
| CVE-2006-4562 | 1 Symantec | 1 Gateway Security | 2025-04-03 | 5.0 MEDIUM | N/A |
| The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface | |||||
| CVE-2003-1310 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 4.6 MEDIUM | N/A |
| The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). | |||||
| CVE-2004-1029 | 5 Conectiva, Gentoo, Hp and 2 more | 8 Linux, Linux, Hp-ux and 5 more | 2025-04-03 | 9.3 HIGH | N/A |
| The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | |||||
| CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. | |||||
| CVE-2005-2758 | 1 Symantec | 2 Antivirus Scan Engine, Antivirus Scan Engine For Network Attached Storage | 2025-04-03 | 10.0 HIGH | N/A |
| Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | |||||
| CVE-2004-0671 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 5.0 MEDIUM | N/A |
| Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request. | |||||
| CVE-2002-1774 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.5 HIGH | N/A |
| NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed | |||||