Vulnerabilities > Symantec > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-10 | CVE-2008-5408 | Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5 Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. | 9.0 |
| 2008-12-10 | CVE-2008-5407 | Improper Authentication vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5 Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors. | 9.4 |
| 2008-08-18 | CVE-2008-3703 | Improper Authentication vulnerability in Symantec Veritas Storage Foundation 5.0/5.1 The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. | 10.0 |
| 2008-04-10 | CVE-2007-6020 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. | 9.3 |
| 2008-04-10 | CVE-2007-5406 | Buffer Overflow vulnerability in Autonomy KeyView Module kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. | 9.3 |
| 2008-04-10 | CVE-2007-5405 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. | 9.3 |
| 2008-04-08 | CVE-2008-0312 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. | 9.3 |
| 2008-02-29 | CVE-2007-6016 | Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0 Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. | 9.3 |
| 2008-02-21 | CVE-2008-0638 | Buffer Errors vulnerability in Symantec Veritas Storage Foundation 5.0 Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size. | 9.3 |
| 2008-02-08 | CVE-2008-0640 | Improper Authentication vulnerability in Symantec Ghost Solutions Suite 1.1/2.0.0/2.0.1 Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing. | 10.0 |