Vulnerabilities > Symantec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-04 | CVE-2007-2279 | Permissions, Privileges, and Access Controls vulnerability in Symantec Veritas Storage Foundation 5.0 The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. | 9.3 |
| 2007-06-04 | CVE-2007-1593 | Resource Management Errors vulnerability in Symantec Veritas Volume Replicator The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer. | 5.0 |
| 2007-05-30 | CVE-2007-2896 | Denial of Service vulnerability in Symantec Enterprise Security Manager 6.5.3 Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | 4.3 |
| 2007-05-16 | CVE-2007-1173 | Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. | 10.0 |
| 2007-05-16 | CVE-2007-1689 | Buffer Overflow vulnerability in Symantec Norton Personal Firewall 2004 ActiveX Control Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | 10.0 |
| 2007-05-11 | CVE-2007-2619 | Local Information Disclosure vulnerability in Symantec Pcanywhere 11.5/11.5.1/12.0 Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. | 4.6 |
| 2007-05-11 | CVE-2006-3456 | Code Injection vulnerability in Symantec products The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. | 8.5 |
| 2007-04-30 | CVE-2007-2375 | Remote Upgrade Remote Code Execution vulnerability in Symantec Enterprise Security Manager The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | 10.0 |
| 2007-04-30 | CVE-2007-2361 | Local Security vulnerability in BackupExec System Recovery Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file. | 4.9 |
| 2007-04-30 | CVE-2007-2360 | Local Security vulnerability in BackupExec System Recovery Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key. | 6.8 |