Vulnerabilities > Symantec > Critical

DATE CVE VULNERABILITY TITLE RISK
2012-07-23 CVE-2012-2953 OS Command Injection vulnerability in Symantec web Gateway
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
network
low complexity
symantec CWE-78
critical
10.0
2012-05-23 CVE-2012-0295 Code Injection vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.
network
symantec CWE-94
critical
9.3
2012-05-21 CVE-2012-0299 Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
network
low complexity
symantec CWE-264
critical
10.0
2012-05-21 CVE-2012-0297 Permissions, Privileges, and Access Controls vulnerability in Symantec web Gateway 5.0/5.0.1/5.0.2
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
network
low complexity
symantec CWE-264
critical
10.0
2012-02-06 CVE-2012-0290 Unspecified vulnerability in Symantec products
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
network
low complexity
symantec
critical
10.0
2012-01-25 CVE-2011-3478 Improper Authentication vulnerability in Symantec Pcanywhere
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
network
low complexity
symantec CWE-287
critical
10.0
2011-08-19 CVE-2011-0547 Numeric Errors vulnerability in Symantec products
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
network
low complexity
symantec CWE-189
critical
10.0
2011-07-18 CVE-2011-0548 Buffer Errors vulnerability in Symantec products
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file.
network
symantec CWE-119
critical
9.3
2011-01-31 CVE-2011-0688 Improper Authentication vulnerability in Symantec products
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111.
network
symantec CWE-287
critical
9.3
2011-01-31 CVE-2010-0111 Improper Input Validation vulnerability in Symantec products
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
network
symantec CWE-20
critical
9.3