Vulnerabilities > Symantec > Norton Personal Firewall

DATE CVE VULNERABILITY TITLE RISK
2006-04-19 CVE-2006-1836 Local Privilege Escalation vulnerability in Symantec LiveUpdate for Macintosh
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
local
low complexity
symantec
6.8
2004-08-18 CVE-2004-0375 Remote Denial Of Service vulnerability in Symantec Client Firewall Products SYMNDIS.SYS Driver
SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.
network
low complexity
symantec
5.0
2004-07-07 CVE-2004-0445 Remote DNS Response Denial Of Service vulnerability in Symantec Client Firewall
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
network
high complexity
symantec
2.6
2004-07-07 CVE-2004-0444 Buffer Overflow vulnerability in Symantec Client Firewall NetBIOS Name Service Response
Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.
network
low complexity
symantec
critical
10.0
2002-12-31 CVE-2002-2336 Configuration vulnerability in Symantec Norton Personal Firewall 2002
Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
network
symantec CWE-16
4.3
2002-12-31 CVE-2002-1779 Unspecified vulnerability in Symantec Norton Personal Firewall 2002
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
network
low complexity
symantec
7.5
2002-12-31 CVE-2002-1778 Unspecified vulnerability in Symantec Norton Personal Firewall 2002
Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan.
network
low complexity
symantec
7.5
2002-07-26 CVE-2002-0663 Buffer Overflow vulnerability in Symantec Norton Personal Firewall/Internet Security 2001
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
network
low complexity
symantec
7.5