Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Norton_360
(Symantec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-06-30 | CVE-2016-3646 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers... | Advanced_threat_protection, Csapi, Data_center_security_server, Endpoint_protection, Mail_security_for_domino, Mail_security_for_microsoft_exchange, Message_gateway, Message_gateway_for_service_providers, Ngc, Norton_360, Norton_antivirus, Norton_bootable_removal_tool, Norton_internet_security, Norton_power_eraser, Norton_security, Norton_security_with_backup, Protection_engine, Protection_for_sharepoint_servers | 8.4 | ||
| 2016-06-30 | CVE-2016-3645 | Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01;... | Advanced_threat_protection, Csapi, Data_center_security_server, Endpoint_protection, Mail_security_for_domino, Mail_security_for_microsoft_exchange, Message_gateway, Message_gateway_for_service_providers, Ngc, Norton_360, Norton_antivirus, Norton_bootable_removal_tool, Norton_internet_security, Norton_power_eraser, Norton_security, Norton_security_with_backup, Protection_engine, Protection_for_sharepoint_servers | 9.8 | ||
| 2016-06-30 | CVE-2016-3644 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers... | Advanced_threat_protection, Csapi, Data_center_security_server, Endpoint_protection, Mail_security_for_domino, Mail_security_for_microsoft_exchange, Message_gateway, Message_gateway_for_service_providers, Ngc, Norton_360, Norton_antivirus, Norton_bootable_removal_tool, Norton_internet_security, Norton_power_eraser, Norton_security, Norton_security_with_backup, Protection_engine, Protection_for_sharepoint_servers | 8.4 | ||
| 2020-01-09 | CVE-2016-5311 | A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | Endpoint_protection, Endpoint_protection_cloud, Norton_360, Norton_antivirus, Norton_antivirus_with_backup, Norton_family, Norton_internet_security, Norton_security, Norton_security_with_backup | N/A | ||
| 2018-02-19 | CVE-2011-3477 | GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | Backup_exec_system_recovery, Norton_360, Norton_ghost, System_recovery_2011 | 5.5 | ||
| 2010-02-23 | CVE-2010-0107 | Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site." | Client_security, Norton_360, Norton_antivirus, Norton_internet_security | N/A | ||
| 2009-04-29 | CVE-2009-1428 | Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors." | Antivirus, Endpoint_protection, Norton_360, Norton_internet_security | N/A | ||
| 2008-04-08 | CVE-2008-0313 | The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. | Norton_360, Norton_antivirus, Norton_internet_security, System_works | N/A | ||
| 2008-04-08 | CVE-2008-0312 | Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. | Norton_360, Norton_antivirus, Norton_internet_security, Norton_system_works | N/A | ||
| 2007-04-02 | CVE-2007-1793 | SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. | Antivirus, Client_security, Norton_360, Norton_antispam, Norton_antivirus, Norton_internet_security, Norton_personal_firewall, Norton_system_works | N/A |