Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-01-30 CVE-2007-0564 Denial-Of-Service vulnerability in Web Security
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
network
low complexity
symantec
4.0
2007-01-30 CVE-2007-0563 Denial of Service And Cross-Site Scripting vulnerability in Symantec Web Security
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
network
symantec
4.3
2006-10-26 CVE-2006-5545 Unspecified vulnerability in Symantec Mail Security 5.1.0
Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay.
network
low complexity
symantec
5.0
2006-10-23 CVE-2006-3455 Local Privilege Escalation vulnerability in Symantec Client Security and Norton Antivirus
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIoControl function.
local
low complexity
symantec
4.3
2006-10-19 CVE-2006-5403 Buffer Overflow vulnerability in Symantec Automated Support Assistant ActiveX Control
Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
network
high complexity
symantec
5.1
2006-10-10 CVE-2006-4927 Privilege Escalation vulnerability in Symantec AntiVirus IOCTL Kernel
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted IRP to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
local
low complexity
symantec
4.6
2006-09-26 CVE-2006-4981 Security Bypass vulnerability in Sygate Network Access Control
Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).
local
low complexity
symantec
4.6
2006-09-19 CVE-2006-4855 Resource Management Errors vulnerability in Symantec products
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
local
low complexity
symantec CWE-399
4.9
2006-09-14 CVE-2006-4802 Local Format String vulnerability in Symantec Client Security and Norton Antivirus
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
local
low complexity
symantec
4.6
2006-08-23 CVE-2006-4314 Denial of Service vulnerability in Symantec Enterprise Security Manager
The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request.
network
low complexity
symantec
5.0