← Back

Symantec

symantec

571 CVEs • 247 products

Products (247)

Click to collapse
Toggle
Endpoint Protection
endpoint_protection
71 CVEs
Norton Antivirus
norton_antivirus
67 CVEs
Endpoint Protection Manager
endpoint_protection_manager
41 CVEs
Norton Internet Security
norton_internet_security
40 CVEs
Web Gateway
web_gateway
35 CVEs
Client Security
client_security
27 CVEs
Messaging Gateway
messaging_gateway
25 CVEs
Altiris Deployment Solution
altiris_deployment_solution
24 CVEs
Norton System Works
norton_system_works
19 CVEs
Mail Security
mail_security
19 CVEs
Pcanywhere
pcanywhere
18 CVEs
Norton Personal Firewall
norton_personal_firewall
18 CVEs
Enterprise Firewall
enterprise_firewall
15 CVEs
Antivirus
antivirus
15 CVEs
Norton 360
norton_360
14 CVEs
Norton Ghost
norton_ghost
13 CVEs
Encryption Desktop
encryption_desktop
11 CVEs
Antivirus Scan Engine
antivirus_scan_engine
10 CVEs
Endpoint Encryption
endpoint_encryption
10 CVEs
Protection Engine
protection_engine
10 CVEs
Message Gateway
message_gateway
10 CVEs
Norton Security
norton_security
10 CVEs
Brightmail Antispam
brightmail_antispam
9 CVEs
Encryption Management Server
encryption_management_server
9 CVEs
Mail Security For Microsoft Exchange
mail_security_for_microsoft_exchange
9 CVEs
Mail Security For Domino
mail_security_for_domino
9 CVEs
Advanced Threat Protection
advanced_threat_protection
9 CVEs
Protection For Sharepoint Servers
protection_for_sharepoint_servers
9 CVEs
Csapi
csapi
9 CVEs
Gateway Security
gateway_security
8 CVEs
Sygate Personal Firewall
sygate_personal_firewall
8 CVEs
Backupexec System Recovery
backupexec_system_recovery
8 CVEs
Norton Power Eraser
norton_power_eraser
8 CVEs
Norton Security With Backup
norton_security_with_backup
8 CVEs
Velociraptor
velociraptor
7 CVEs
Gateway Security 5400
gateway_security_5400
7 CVEs
Web Security
web_security
7 CVEs
Ghost Solutions Suite
ghost_solutions_suite
7 CVEs
Pgp Desktop
pgp_desktop
7 CVEs
Ngc
ngc
7 CVEs
Message Gateway For Service Providers
message_gateway_for_service_providers
7 CVEs
Norton Bootable Removal Tool
norton_bootable_removal_tool
7 CVEs
Data Center Security Server
data_center_security_server
7 CVEs
Endpoint Protection Cloud
endpoint_protection_cloud
7 CVEs
Raptor Firewall
raptor_firewall
6 CVEs
Firewall Vpn Appliance 100
firewall_vpn_appliance_100
6 CVEs
Firewall Vpn Appliance 200
firewall_vpn_appliance_200
6 CVEs
Firewall Vpn Appliance 200r
firewall_vpn_appliance_200r
6 CVEs
Norton Antispam
norton_antispam
6 CVEs
Altiris Notification Server
altiris_notification_server
6 CVEs
Antivirus Central Quarantine Server
antivirus_central_quarantine_server
6 CVEs
System Center
system_center
6 CVEs
Im Manager
im_manager
6 CVEs
Web Gateway Appliance 8450
web_gateway_appliance_8450
6 CVEs
Web Gateway Appliance 8490
web_gateway_appliance_8490
6 CVEs
Data Center Security
data_center_security
6 CVEs
Norton App Lock
norton_app_lock
6 CVEs
Liveupdate
liveupdate
5 CVEs
Veritas Storage Foundation
veritas_storage_foundation
5 CVEs
Workspace Streaming
workspace_streaming
5 CVEs
Liveupdate Administrator
liveupdate_administrator
5 CVEs
Backup Exec
backup_exec
5 CVEs
Clientless Vpn Gateway 4400
clientless_vpn_gateway_4400
4 CVEs
Discovery
discovery
4 CVEs
Security Information Manager
security_information_manager
4 CVEs
Enterprise Security Manager
enterprise_security_manager
4 CVEs
Backup Exec For Windows Server
backup_exec_for_windows_server
4 CVEs
Data Loss Prevention
data_loss_prevention
4 CVEs
Message Filter
message_filter
4 CVEs
Pgp Universal Server
pgp_universal_server
4 CVEs
Norton Password Manager
norton_password_manager
4 CVEs
Endpoint Detection And Response
endpoint_detection_and_response
4 CVEs
Client Firewall
client_firewall
3 CVEs
Gateway Security 5300
gateway_security_5300
3 CVEs
Nexland Isb Soho Firewall Appliance
nexland_isb_soho_firewall_appliance
3 CVEs
Nexland Pro100 Firewall Appliance
nexland_pro100_firewall_appliance
3 CVEs
Nexland Pro400 Firewall Appliance
nexland_pro400_firewall_appliance
3 CVEs
Nexland Pro800 Firewall Appliance
nexland_pro800_firewall_appliance
3 CVEs
Nexland Pro800turbo Firewall Appliance
nexland_pro800turbo_firewall_appliance
3 CVEs
Nexland Wavebase Firewall Appliance
nexland_wavebase_firewall_appliance
3 CVEs
Gateway Security 360
gateway_security_360
3 CVEs
Gateway Security 5000 Series
gateway_security_5000_series
3 CVEs
Norton Utilities
norton_utilities
3 CVEs
Automated Support Assistant
automated_support_assistant
3 CVEs
Veritas Netbackup Client
veritas_netbackup_client
3 CVEs
Veritas Netbackup Enterprise Server
veritas_netbackup_enterprise_server
3 CVEs
Veritas Netbackup Server
veritas_netbackup_server
3 CVEs
Livestate Recovery
livestate_recovery
3 CVEs
Norton Save And Recovery
norton_save_and_recovery
3 CVEs
Reporting Server
reporting_server
3 CVEs
Veritas Backup Exec
veritas_backup_exec
3 CVEs
Scan Engine
scan_engine
3 CVEs
Mail Security Appliance
mail_security_appliance
3 CVEs
Data Loss Prevention Detection Servers
data_loss_prevention_detection_servers
3 CVEs
Data Loss Prevention Endpoint Agents
data_loss_prevention_endpoint_agents
3 CVEs
Altiris Client Management Suite Pcanywhere Solution
altiris_client_management_suite_pcanywhere_solution
3 CVEs
Altiris Deployment Solution Remote Pcanywhere Solution
altiris_deployment_solution_remote_pcanywhere_solution
3 CVEs
Security Information Manager Appliance
security_information_manager_appliance
3 CVEs
Workspace Virtualization
workspace_virtualization
3 CVEs
Norton Family
norton_family
3 CVEs

CVEs (571)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2013-5011
1Symantec
1Endpoint Protection
Apr 29, 2026
Jan 10, 2014
N/A· v4
N/A· v3
7.2 HIGH· v2
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows...Show more
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.Show less
CVE-2013-5010
1Symantec
1Endpoint Protection
Apr 29, 2026
Jan 10, 2014
N/A· v4
N/A· v3
4.6 MEDIUM· v2
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 doe...Show more
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.Show less
CVE-2013-5009
1Symantec
1Endpoint Protection
Apr 29, 2026
Jan 10, 2014
N/A· v4
N/A· v3
7.4 HIGH· v2
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication,...Show more
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.Show less
CVE-2013-5008
1Symantec
1Management Platform
Apr 29, 2026
Oct 10, 2013
N/A· v4
N/A· v3
4.6 MEDIUM· v2
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' i...Show more
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key.Show less
CVE-2013-4679
1Symantec
1Workspace Virtualization
Apr 29, 2026
Aug 5, 2013
N/A· v4
N/A· v3
6.6 MEDIUM· v2
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operatin...Show more
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.Show less
CVE-2013-4678
1Symantec
1Backup Exec
Apr 29, 2026
Aug 5, 2013
N/A· v4
N/A· v3
2.7 LOW· v2
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.
CVE-2013-4677
1Symantec
1Backup Exec
Apr 29, 2026
Aug 5, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify th...Show more
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.Show less
CVE-2013-4676
1Symantec
1Backup Exec
Apr 29, 2026
Aug 5, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.Show less
CVE-2013-4575
1Symantec
1Backup Exec
Apr 29, 2026
Aug 5, 2013
N/A· v4
N/A· v3
7.9 HIGH· v2
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly e...Show more
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors.Show less
CVE-2013-1610
1Symantec
2Encryption Desktop
Pgp Desktop
Apr 29, 2026
Aug 5, 2013
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse applicatio...Show more
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.Show less
CVE-2013-4673
1Symantec
3Web Gateway
Web Gateway Appliance 8450Web Gateway Appliance 8490
Apr 29, 2026
Aug 1, 2013
N/A· v4
N/A· v3
5.8 MEDIUM· v2
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login...Show more
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.Show less
CVE-2013-4672
1Symantec
3Web Gateway
Web Gateway Appliance 8450Web Gateway Appliance 8490
Apr 29, 2026
Aug 1, 2013
N/A· v4
N/A· v3
7.2 HIGH· v2
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
CVE-2013-4671
1Symantec
3Web Gateway
Web Gateway Appliance 8450Web Gateway Appliance 8490
Apr 29, 2026
Aug 1, 2013
N/A· v4
N/A· v3
6.0 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via...Show more
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2013-4670
1Symantec
3Web Gateway
Web Gateway Appliance 8450Web Gateway Appliance 8490
Apr 29, 2026
Aug 1, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...Show more
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2013-1617
1Symantec
3Web Gateway
Web Gateway Appliance 8450Web Gateway Appliance 8490
Apr 29, 2026
Aug 1, 2013
N/A· v4
N/A· v3
7.4 HIGH· v2
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vector...Show more
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.Show less
CVE-2013-1616
1Symantec
3Web Gateway
Web Gateway Appliance 8450Web Gateway Appliance 8490
Apr 29, 2026
Aug 1, 2013
N/A· v4
N/A· v3
8.3 HIGH· v2
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
CVE-2013-4674
1Symantec
2Encryption Management Server
Pgp Universal Server
Apr 29, 2026
Jul 31, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to injec...Show more
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.Show less
CVE-2013-1615
1Symantec
2Security Information Manager
Security Information Manager Appliance
Apr 29, 2026
Jul 8, 2013
N/A· v4
N/A· v3
2.9 LOW· v2
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API cal...Show more
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.Show less
CVE-2013-1614
1Symantec
2Security Information Manager
Security Information Manager Appliance
Apr 29, 2026
Jul 8, 2013
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject...Show more
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2013-1613
1Symantec
2Security Information Manager
Security Information Manager Appliance
Apr 29, 2026
Jul 8, 2013
N/A· v4
N/A· v3
4.7 MEDIUM· v2
SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary S...Show more
SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.Show less