Vulnerabilities > Symantec

DATE | CVE | VULNERABILITY TITLE | RISK

2009-01-20 | CVE-2008-4388 | Improper Input Validation vulnerability in Symantec Appstream Client 5.2
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
network | symantec | CWE-20 | Risk: critical 9.3

2008-12-12 | CVE-2008-5543 | Improper Input Validation vulnerability in Symantec Antivirus 10.0
Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
network | symantec microsoft | CWE-20 | Risk: critical 9.3

2008-12-11 | CVE-2008-5427 | Resource Management Errors vulnerability in Symantec Norton Internet Security 2008 15.5.0.23
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
network | symantec | CWE-399 | Risk: 4.3

2008-12-10 | CVE-2008-5408 | Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors.
network, low complexity | symantec | CWE-119 | Risk: critical 9.0

2008-12-10 | CVE-2008-5407 | Improper Authentication vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
network, low complexity | symantec | CWE-287 | Risk: critical 9.4

2008-10-21 | CVE-2008-4638 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.
local, low complexity | symantec | CWE-200 | Risk: 4.6

2008-10-21 | CVE-2008-3248 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown
qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.
local, low complexity | symantec | CWE-200 | Risk: 4.6

2008-09-30 | CVE-2008-4339 | Permissions, Privileges, and Access Controls vulnerability in Symantec Netbackup Enterprise Server and Netbackup Server
Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava* binaries."
network, low complexity | symantec | CWE-264 | Risk: 6.5

2008-08-18 | CVE-2008-3703 | Improper Authentication vulnerability in Symantec Veritas Storage Foundation 5.0/5.1
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution.
network, low complexity | symantec | CWE-287 | Risk: critical 10.0

2008-06-20 | CVE-2008-2794 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Notification Server 6.0
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.
local, low complexity | symantec | CWE-264 | Risk: 6.8