Symantec Antivirus Scan Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Symantec Antivirus Scan Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2005-2758 — CVSS 10.0 (critical): Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute…
CVE-2006-0230 — CVSS 10.0 (critical): Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows…
CVE-2007-3699 — CVSS 9.3 (critical): The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain…
CVE-2007-0447 — CVSS 9.3 (critical): Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via…
CVE-2005-0249 — CVSS 7.5 (high): Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX…
CVE-2004-0217 — CVSS 7.0 (high): The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or…
CVE-2006-0231 — CVSS 6.4 (medium): Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which…
CVE-2005-3217 — CVSS 5.1 (medium): Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a…
CVE-2006-0232 — CVSS 5.0 (medium): Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web…
CVE-2005-1346 — CVSS 2.6 (low): Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP…