Filtered by vendor Symantec
Subscribe
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4523 | 1 Symantec | 2 Malware Analysis Appliance, Malware Analyzer G2 | 2025-04-20 | 9.0 HIGH | 9.3 CRITICAL |
| Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. | |||||
| CVE-2017-15526 | 1 Symantec | 1 Endpoint Encryption | 2025-04-20 | 5.2 MEDIUM | 6.8 MEDIUM |
| Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. | |||||
| CVE-2017-13683 | 1 Symantec | 1 Endpoint Encryption | 2025-04-20 | 2.3 LOW | 5.7 MEDIUM |
| In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. | |||||
| CVE-2017-13681 | 1 Symantec | 1 Endpoint Protection | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. | |||||
| CVE-2017-15529 | 1 Symantec | 1 Norton Family | 2025-04-20 | 2.1 LOW | 6.2 MEDIUM |
| Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-6329 | 1 Symantec | 1 Vip Access For Desktop | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. | |||||
| CVE-2017-13674 | 1 Symantec | 1 Proxyclient | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | |||||
| CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||
| CVE-2017-6327 | 1 Symantec | 1 Message Gateway | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. | |||||
| CVE-2015-6547 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 8.3 HIGH | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | |||||
| CVE-2014-3433 | 1 Symantec | 1 Data Insight | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. | |||||
| CVE-2014-1646 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2025-04-12 | 2.6 LOW | N/A |
| Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | |||||
| CVE-2015-6556 | 1 Symantec | 1 Endpoint Encryption | 2025-04-12 | 2.3 LOW | N/A |
| EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | |||||
| CVE-2014-1647 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2025-04-12 | 2.6 LOW | N/A |
| Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | |||||
| CVE-2015-1484 | 1 Symantec | 1 Workspace Streaming | 2025-04-12 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | |||||
| CVE-2016-2205 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2025-04-12 | 6.1 MEDIUM | 5.7 MEDIUM |
| Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors. | |||||
| CVE-2016-5308 | 2 Microsoft, Symantec | 2 Windows, Client Intrusion Detection System | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | |||||
| CVE-2015-8149 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests. | |||||
| CVE-2015-8152 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 8.5 HIGH | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | |||||
| CVE-2014-3431 | 2 Apple, Symantec | 3 Mac Os X, Encryption Desktop, Pgp Desktop | 2025-04-12 | 4.3 MEDIUM | N/A |
| Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. | |||||