Symantec : Security Vulnerabilities (CVSS score between 8 and 8.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-8153 |
89 |
|
Exec Code Sql |
2016-03-18 |
2016-12-03 |
8.3 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
|
2 |
CVE-2015-8152 |
352 |
|
Exec Code CSRF |
2016-03-18 |
2016-12-03 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. |
|
3 |
CVE-2015-6555 |
94 |
|
Exec Code |
2015-11-12 |
2016-12-07 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. |
|
4 |
CVE-2015-6547 |
77 |
|
Exec Code |
2015-09-20 |
2016-12-22 |
8.3 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. |
|
5 |
CVE-2015-5690 |
78 |
|
Exec Code Bypass |
2015-09-20 |
2016-12-22 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." |
|
6 |
CVE-2015-1492 |
20 |
|
+Priv |
2015-08-01 |
2017-09-21 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. |
|
7 |
CVE-2015-1489 |
264 |
|
+Priv |
2015-08-01 |
2017-09-21 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. |
|
8 |
CVE-2010-3719 |
94 |
|
Exec Code |
2011-02-02 |
2018-10-10 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method. |
|
9 |
CVE-2006-3456 |
94 |
|
Exec Code |
2007-05-11 |
2017-07-20 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771. |
Total number of vulnerabilities :
9
Page :
1
(This Page)
