Symantec

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-3456 1Symantec 3Norton Antivirus Norton Internet SecurityNorton System Works Apr 23, 2026 May 11, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embed...Show more The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.Show less
CVE-2007-2375 1Symantec 1Enterprise Security Manager Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that imp...Show more The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.Show less
CVE-2007-2361 1Symantec 4Backupexec System Recovery Livestate RecoveryNorton Ghost+1 more Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a...Show more Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.Show less
CVE-2007-2360 1Symantec 4Backupexec System Recovery Livestate RecoveryNorton Ghost+1 more Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key...Show more Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.Show less
CVE-2007-2359 1Symantec 4Backupexec System Recovery Livestate RecoveryNorton Ghost+1 more Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long str...Show more Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.Show less
CVE-2007-1793 1Symantec 8Antivirus Client SecurityNorton 360+5 more Apr 23, 2026 Apr 2, 2007 N/A· v4 N/A· v3 4.9 MEDIUM· v2 SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service...Show more SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.Show less
CVE-2007-1495 1Symantec 1Norton Personal Firewall Apr 23, 2026 Mar 16, 2007 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as...Show more The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.Show less
CVE-2007-1476 1Symantec 6Client Security Norton AntispamNorton Antivirus+3 more Apr 23, 2026 Mar 16, 2007 N/A· v4 N/A· v3 1.9 LOW· v2 The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows lo...Show more The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.Show less
CVE-2007-1252 1Symantec 1Mail Security Apr 23, 2026 Mar 3, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: so...Show more Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.Show less
CVE-2006-6490 2Supportsoft Symantec 6Automated Support Assistant Norton AntivirusNorton Internet Security+3 more Apr 23, 2026 Feb 22, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and...Show more Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.Show less
CVE-2007-0564 1Symantec 1Web Security Apr 23, 2026 Jan 30, 2007 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
CVE-2007-0563 1Symantec 1Web Security Apr 23, 2026 Jan 30, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (...Show more Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.Show less
CVE-2006-6623 6Avg ComodoFilseclab+3 more 6Antihook Antivirus Plus FirewallComodo Personal Firewall+3 more Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) Command...Show more Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.Show less
CVE-2006-6622 6Avg ComodoFilseclab+3 more 6Antihook Antivirus Plus FirewallComodo Personal Firewall+3 more Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePa...Show more Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.Show less
CVE-2006-6621 6Avg ComodoFilseclab+3 more 6Antihook Antivirus Plus FirewallComodo Personal Firewall+3 more Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) Co...Show more Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.Show less
CVE-2006-6620 6Avg ComodoFilseclab+3 more 6Antihook Antivirus Plus FirewallComodo Personal Firewall+3 more Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) Command...Show more Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.Show less
CVE-2006-6619 6Avg ComodoFilseclab+3 more 6Antihook Antivirus Plus FirewallComodo Personal Firewall+3 more Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) Comm...Show more AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.Show less
CVE-2006-6618 6Avg ComodoFilseclab+3 more 6Antihook Antivirus Plus FirewallComodo Personal Firewall+3 more Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine,...Show more AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.Show less
CVE-2006-6222 1Symantec 3Veritas Netbackup Client Veritas Netbackup Enterprise ServerVeritas Netbackup Server Apr 23, 2026 Dec 14, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a lon...Show more Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.Show less
CVE-2006-5822 1Symantec 3Veritas Netbackup Client Veritas Netbackup Enterprise ServerVeritas Netbackup Server Apr 23, 2026 Dec 14, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a lon...Show more Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.Show less

Previous 1...212223...29 Next