Filtered by vendor Symantec
Subscribe
Total
571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12758 | 1 Symantec | 1 Endpoint Protection | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | |||||
CVE-2020-5822 | 1 Symantec | 1 Endpoint Protection | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2016-6588 | 1 Symantec | 1 It Management Suite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | |||||
CVE-2019-12752 | 1 Symantec | 1 Sonar | 2024-02-04 | 4.1 MEDIUM | 6.1 MEDIUM |
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | |||||
CVE-2020-5823 | 1 Symantec | 1 Endpoint Protection | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2019-12753 | 1 Symantec | 1 Reporter | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. | |||||
CVE-2019-9698 | 1 Symantec | 1 Antivirus Engine | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges. | |||||
CVE-2019-12754 | 1 Symantec | 1 Vip | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | |||||
CVE-2018-12244 | 1 Symantec | 1 Endpoint Protection | 2024-02-04 | 6.8 MEDIUM | 6.3 MEDIUM |
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | |||||
CVE-2018-18366 | 1 Symantec | 4 Endpoint Protection, Endpoint Protection Cloud, Endpoint Protection Cloud Agent and 1 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory. | |||||
CVE-2019-9703 | 1 Symantec | 1 Endpoint Encryption | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | |||||
CVE-2019-9702 | 1 Symantec | 1 Endpoint Encryption | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | |||||
CVE-2018-18371 | 2 Broadcom, Symantec | 2 Symantec Proxysg, Advanced Secure Gateway | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | |||||
CVE-2018-18365 | 1 Symantec | 1 Norton Password Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. | |||||
CVE-2019-9696 | 1 Symantec | 1 Vip Enterprise Gateway | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
CVE-2019-9697 | 1 Symantec | 1 Management Center | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. | |||||
CVE-2019-12751 | 1 Symantec | 1 Message Gateway | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2019-9695 | 1 Symantec | 2 Norton Core, Norton Core Firmware | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only possible with direct physical access to the device. | |||||
CVE-2019-9694 | 1 Symantec | 1 Endpoint Encryption | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2019-9701 | 1 Symantec | 1 Data Loss Prevention | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. |