Vulnerabilities > Symantec
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-01-20 | CVE-2008-4388 | Improper Input Validation vulnerability in Symantec Appstream Client 5.2 | The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | 9.3 |
2008-12-12 | CVE-2008-5543 | Improper Input Validation vulnerability in Symantec Antivirus 10.0 | Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
2008-12-11 | CVE-2008-5427 | Resource Management Errors vulnerability in Symantec Norton Internet Security 2008 15.5.0.23 | Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |
2008-12-10 | CVE-2008-5408 | Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5 | Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. | 9.0 |
2008-12-10 | CVE-2008-5407 | Improper Authentication vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5 | Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | 9.4 |
2008-10-21 | CVE-2008-4638 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown | qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | 4.6 |
2008-10-21 | CVE-2008-3248 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown | qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files. | 4.6 |
2008-09-30 | CVE-2008-4339 | Permissions, Privileges, and Access Controls vulnerability in Symantec Netbackup Enterprise Server and Netbackup Server | Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries." | 6.5 |
2008-08-18 | CVE-2008-3703 | Improper Authentication vulnerability in Symantec Veritas Storage Foundation 5.0/5.1 | The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. | 10.0 |
2008-06-20 | CVE-2008-2794 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Notification Server 6.0 | Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | 6.8 |