Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-2336 Configuration vulnerability in Symantec Norton Personal Firewall 2002
Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
network
symantec CWE-16
4.3
2002-12-31 CVE-2002-2294 Buffer Errors vulnerability in Symantec Enterprise Firewall, Raptor Firewall and Velociraptor
Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd).
network
low complexity
symantec CWE-119
5.0
2002-12-31 CVE-2002-1937 Remote Security vulnerability in Symantec products
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
network
low complexity
symantec
5.0
2002-12-31 CVE-2002-1695 Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
network
low complexity
microsoft symantec
5.0
2002-10-28 CVE-2002-0990 Denial of Service vulnerability in Multiple Symantec HTTP Proxy
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.
network
low complexity
symantec
5.0
2002-06-25 CVE-2002-0344 Unspecified vulnerability in Symantec Liveupdate 1.0/1.4/1.5
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.
network
low complexity
symantec
5.0
2002-05-31 CVE-2002-0309 Unspecified vulnerability in Symantec Enterprise Firewall 6.5.2
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.
network
low complexity
symantec
5.0
2002-05-31 CVE-2002-0302 Unspecified vulnerability in Symantec Enterprise Firewall 6.5.2/7.0
The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.
network
low complexity
symantec
5.0
2001-10-05 CVE-2001-1126 Unspecified vulnerability in Symantec Liveupdate 1.4/1.5/1.6
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
network
low complexity
symantec
5.0
2001-09-07 CVE-2001-1099 Unrestricted Upload of File With Dangerous Type vulnerability in Symantec Norton Antivirus 2.5
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
network
low complexity
symantec microsoft CWE-434
5.0