Vulnerabilities (CVE)

Vendor filter

Symantec Subscribe

Filter

512 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-2291 1 Symantec 1 Altiris Deployment Solution 2019-10-09 7.5
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
CVE-2018-5240 1 Symantec 1 Inventory 2019-10-03 5.2
The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that...
CVE-2017-13680 1 Symantec 1 Endpoint Protection 2019-10-03 3.6
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
CVE-2017-13675 1 Symantec 1 Endpoint Encryption 2019-10-03 2.3
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of...
CVE-2017-13677 1 Symantec 1 Advanced Secure Gateway 2019-10-03 5.0
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
CVE-2017-6327 1 Symantec 1 Message Gateway 2019-10-03 6.5
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In...
CVE-2017-13679 1 Symantec 1 Encryption Desktop 2019-10-03 1.4
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services...
CVE-2017-6324 1 Symantec 1 Messaging Gateway 2019-10-03 7.5
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This...
CVE-2017-18268 1 Symantec 1 Intelligencecenter 2019-10-03 4.3
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL...
CVE-2017-15533 1 Symantec 1 Ssl Visibility 2019-10-03 4.3
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according the oracle...
CVE-2017-15525 1 Symantec 1 Endpoint Encryption 2019-10-03 5.5
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended...
CVE-2017-13674 1 Symantec 1 Proxyclient 2019-10-03 7.2
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute...
CVE-2018-5237 1 Symantec 1 Endpoint Protection 2019-10-03 6.5
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower...
CVE-2017-6329 1 Symantec 1 Vip Access For Desktop 2019-10-03 4.6
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead....
CVE-2017-13682 1 Symantec 1 Encryption Desktop 2019-10-03 2.3
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not...
CVE-2018-5241 1 Symantec 2 Advanced Secure Gateway, Proxysg 2019-10-03 7.5
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in...
CVE-2018-12239 1 Symantec 2 Endpoint Protection, Norton Antivirus 2019-10-03 4.6
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP...
CVE-2018-12238 1 Symantec 2 Endpoint Protection, Norton Antivirus 2019-10-03 4.6
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP...
CVE-2017-6331 1 Symantec 1 Endpoint Protection 2019-10-03 3.6
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
CVE-2017-6326 1 Symantec 1 Messaging Gateway 2019-10-03 10.0
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.