Vulnerabilities > Symantec > Low

DATE CVE VULNERABILITY TITLE RISK
2010-02-19 CVE-2010-0106 Unspecified vulnerability in Symantec Antivirus, Client Security and Endpoint Protection
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources.
local
symantec
1.9
2009-10-15 CVE-2009-3029 Cross-Site Scripting vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
network
symantec CWE-79
3.5
2008-05-18 CVE-2008-2288 Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris Deployment Solution 6.8/6.9
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
local
low complexity
symantec CWE-264
3.6
2008-04-11 CVE-2008-1754 Cryptographic Issues vulnerability in Symantec Altiris Deployment Solution 6.8/6.8.380
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
local
low complexity
symantec CWE-310
1.7
2007-03-16 CVE-2007-1476 Improper Input Validation vulnerability in Symantec products
The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.
1.9
2006-10-19 CVE-2006-5404 Buffer Overflow vulnerability in Symantec Automated Support Assistant ActiveX Control
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
network
high complexity
symantec
2.6
2006-08-21 CVE-2006-4266 Unspecified vulnerability in Symantec Norton Personal Firewall
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll.
local
low complexity
symantec
3.6
2006-08-05 CVE-2006-3457 Information Disclosure vulnerability in Symantec On-Demand Agent and On-Demand Protection
Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
local
low complexity
symantec
2.1
2006-07-24 CVE-2006-3785 Local Security vulnerability in Symantec pcAnywhere 12.5
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
local
low complexity
symantec
2.1
2006-07-24 CVE-2006-3786 Local Security vulnerability in Symantec pcAnywhere 12.5
Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
local
low complexity
symantec
3.6