CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-1836
https://notcve.org/view.php?id=CVE-2006-1836
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. • http://secunia.com/advisories/19682 http://securityreason.com/securityalert/100 http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html http://securitytracker.com/id?1015953 http://www.securityfocus.com/archive/1/431318/100/0/threaded http://www.securityfocus.com/bid/17571 http://www.vupen.com/english/advisories/2006/1386 https://exchange.xforce.ibmcloud.com/vulnerabilities/25839 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3270
https://notcve.org/view.php?id=CVE-2005-3270
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. • http://secunia.com/advisories/17268 http://securitytracker.com/id?1015084 http://www.idefense.com/application/poi/display?id=325&type=vulnerabilities http://www.securityfocus.com/bid/15142 http://www.securityfocus.com/bid/15143 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2759
https://notcve.org/view.php?id=CVE-2005-2759
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. • http://secunia.com/advisories/17268 http://securitytracker.com/id?1015083 http://www.idefense.com/application/poi/display?id=324&type=vulnerabilities http://www.securityfocus.com/bid/15142 http://www.symantec.com/avcenter/security/Content/2005.10.19a.html •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3217
https://notcve.org/view.php?id=CVE-2005-3217
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. • http://marc.info/?l=bugtraq&m=112879611919750&w=2 http://shadock.net/secubox/AVCraftedArchive.html •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2005-2758
https://notcve.org/view.php?id=CVE-2005-2758
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. • http://secunia.com/advisories/17049 http://securityreason.com/securityalert/48 http://securitytracker.com/id?1015001 http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities http://www.kb.cert.org/vuls/id/849209 http://www.osvdb.org/19854 http://www.securityfocus.com/bid/15001 http://www.symantec.com/avcenter/security/Content/2005.10.04.html http://www.vupen.com/english/advisories/2005/1954 https://exchange.xforce.ibmcloud.com/vulnerabilities/22519 •