Vulnerabilities > Symantec > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-06 | CVE-2015-1483 | Improper Input Validation vulnerability in Symantec Netbackup Opscenter Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | 7.5 |
| 2015-01-21 | CVE-2014-9226 | Permissions, Privileges, and Access Controls vulnerability in multiple products The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | 7.2 |
| 2014-12-22 | CVE-2014-7286 | Buffer Errors vulnerability in Symantec Deployment Solution 6.9 Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | 7.2 |
| 2014-11-07 | CVE-2014-3437 | XML External Entity Injection vulnerability in Symantec Endpoint Protection Manager The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |
| 2014-06-18 | CVE-2013-5017 | Remote Command Injection vulnerability in Symantec Web Gateway SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.9 |
| 2014-05-16 | CVE-2014-1649 | Permissions, Privileges, and Access Controls vulnerability in Symantec Workspace Streaming 6.1/7.5.0 The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | 7.9 |
| 2014-03-29 | CVE-2014-1645 | SQL Injection vulnerability in Symantec Liveupdate Administrator SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-03-29 | CVE-2014-1644 | Credentials Management vulnerability in Symantec Liveupdate Administrator The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. | 7.5 |
| 2014-02-14 | CVE-2013-5014 | XML External Entity Injection vulnerability in Symantec Endpoint Protection Manager The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |
| 2014-01-10 | CVE-2013-5011 | Path Traversal vulnerability in Symantec Endpoint Protection Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. | 7.2 |