Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2005-10-21 CVE-2005-3270 Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
local
low complexity
symantec
7.2
2005-10-20 CVE-2005-2759 Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3
The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges.
local
low complexity
symantec
7.2
2005-06-16 CVE-2005-1970 Local Privileged Command Execution vulnerability in Symantec PCAnywhere
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
local
low complexity
symantec
7.2
2005-06-09 CVE-2005-1867 Remote Security vulnerability in Brightmail Anti-Spam
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
network
low complexity
symantec
7.5
2005-02-08 CVE-2005-0249 Unspecified vulnerability in Symantec products
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
network
low complexity
symantec
7.5
2004-12-31 CVE-2004-0369 Remote IPsec/ISAKMP Buffer Overflow vulnerability in Entrust LibKMP ISAKMP Library
Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
network
low complexity
entrust symantec
7.5
2004-11-23 CVE-2004-0079 NULL Pointer Dereference vulnerability in multiple products
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
7.5
2004-09-21 CVE-2004-1694 Remote Database Default Password vulnerability in Symantec ON Command CCM and ON Icommand
Symantec ON Command CCM 5.4.x and iCommand 3.0.x have four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
network
low complexity
symantec
7.5
2004-04-15 CVE-2004-0364 Remote Command Execution vulnerability in Symantec Norton Internet Security 2004
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
network
low complexity
symantec
7.5
2004-04-15 CVE-2004-0363 Buffer Overrun vulnerability in Symantec Norton Antispam 2004
Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.
network
low complexity
symantec
7.5