Vulnerabilities > Symantec > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|
| 2015-03-06 | CVE-2015-1483 | Improper Input Validation vulnerability in Symantec Netbackup Opscenter | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | network, low complexity | symantec linux CWE-20 | 7.5 |
| 2015-01-21 | CVE-2014-9226 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | local, low complexity | broadcom symantec CWE-264 | 7.2 |
| 2014-12-22 | CVE-2014-7286 | Buffer Errors vulnerability in Symantec Deployment Solution 6.9 | Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | local, low complexity | symantec microsoft CWE-119 | 7.2 |
| 2014-11-07 | CVE-2014-3437 | XML External Entity Injection vulnerability in Symantec Endpoint Protection Manager | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | network, low complexity | symantec | 7.5 |
| 2014-06-18 | CVE-2013-5017 | Remote Command Injection vulnerability in Symantec Web Gateway | SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | | | 7.9 |
| 2014-05-16 | CVE-2014-1649 | Permissions, Privileges, and Access Controls vulnerability in Symantec Workspace Streaming 6.1/7.5.0 | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | | | 7.9 |
| 2014-03-29 | CVE-2014-1645 | SQL Injection vulnerability in Symantec Liveupdate Administrator | SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | symantec CWE-89 | 7.5 |
| 2014-03-29 | CVE-2014-1644 | Credentials Management vulnerability in Symantec Liveupdate Administrator | The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. | network, low complexity | symantec CWE-255 | 7.5 |
| 2014-02-14 | CVE-2013-5014 | XML External Entity Injection vulnerability in Symantec Endpoint Protection Manager | The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | network, low complexity | symantec | 7.5 |
| 2014-01-10 | CVE-2013-5011 | Path Traversal vulnerability in Symantec Endpoint Protection | Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. | local, low complexity | symantec CWE-22 | 7.2 |