Vulnerabilities > Symantec > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-05 | CVE-2005-2758 | Buffer Overflow vulnerability in Symantec products Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | 10.0 |
| 2005-08-30 | CVE-2005-2017 | Unspecified vulnerability in Symantec Norton Antivirus 9.0.1.1000 Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540. | 10.0 |
| 2005-03-01 | CVE-2004-1029 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | 9.3 |
| 2004-12-31 | CVE-2004-1483 | Multiple vulnerability in Symantec Clientless VPN Gateway 4400 5.0 Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. | 10.0 |
| 2004-08-18 | CVE-2004-0487 | Remote Code Execution vulnerability in Symantec Norton Antivirus 2.1 A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. | 10.0 |
| 2004-07-07 | CVE-2004-0444 | Buffer Overflow vulnerability in Symantec Client Firewall NetBIOS Name Service Response Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components. | 10.0 |
| 2002-12-31 | CVE-2002-2397 | Improper Authentication vulnerability in Symantec Sygate Personal Firewall 5.0 Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | 10.0 |
| 2002-12-31 | CVE-2002-2281 | Unspecified vulnerability in Symantec Java Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler. | 10.0 |
| 2001-10-05 | CVE-2001-1125 | Download of Code Without Integrity Check vulnerability in Symantec Liveupdate 1.0/1.4/1.5 Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | 9.8 |