Filtered by vendor Symantec
Subscribe
Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18380 | 1 Symantec | 1 Industrial Control System Protection | 2019-12-17 | 3.3 LOW | 6.5 MEDIUM |
| Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | |||||
| CVE-2019-18379 | 1 Symantec | 1 Messaging Gateway | 2019-12-13 | 7.5 HIGH | 7.3 HIGH |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | |||||
| CVE-2019-18378 | 1 Symantec | 1 Messaging Gateway | 2019-12-13 | 3.5 LOW | 4.8 MEDIUM |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2019-18373 | 1 Symantec | 1 Norton App Lock | 2019-11-20 | 4.4 MEDIUM | 5.6 MEDIUM |
| Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. | |||||
| CVE-2018-18368 | 1 Symantec | 1 Endpoint Protection Manager | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2019-12752 | 1 Symantec | 1 Sonar | 2019-11-07 | 4.1 MEDIUM | 6.1 MEDIUM |
| The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | |||||
| CVE-2008-2291 | 1 Symantec | 1 Altiris Deployment Solution | 2019-10-09 | 7.5 HIGH | N/A |
| axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | |||||
| CVE-2017-6324 | 1 Symantec | 1 Messaging Gateway | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
| The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. | |||||
| CVE-2017-15525 | 1 Symantec | 1 Endpoint Encryption | 2019-10-02 | 5.5 MEDIUM | 4.5 MEDIUM |
| Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-6326 | 1 Symantec | 1 Messaging Gateway | 2019-10-02 | 10.0 HIGH | 10.0 CRITICAL |
| The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | |||||
| CVE-2017-13679 | 1 Symantec | 1 Encryption Desktop | 2019-10-02 | 1.4 LOW | 4.2 MEDIUM |
| A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-15534 | 1 Symantec | 1 Norton App Lock | 2019-10-02 | 7.2 HIGH | 6.7 MEDIUM |
| The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. | |||||
| CVE-2017-6330 | 1 Symantec | 1 Encryption Desktop | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests." | |||||
| CVE-2017-13674 | 1 Symantec | 1 Proxyclient | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | |||||
| CVE-2018-12238 | 1 Symantec | 3 Endpoint Protection, Endpoint Protection Cloud, Norton Antivirus | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. | |||||
| CVE-2017-13680 | 2 Microsoft, Symantec | 2 Windows, Endpoint Protection | 2019-10-02 | 3.6 LOW | 5.5 MEDIUM |
| Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. | |||||
| CVE-2018-5240 | 1 Symantec | 1 Inventory | 2019-10-02 | 5.2 MEDIUM | 8.0 HIGH |
| The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | |||||
| CVE-2018-5234 | 1 Symantec | 2 Norton Core, Norton Core Firmware | 2019-10-02 | 8.3 HIGH | 8.0 HIGH |
| The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. | |||||
| CVE-2018-5242 | 1 Symantec | 1 Norton App Lock | 2019-10-02 | 7.2 HIGH | 6.2 MEDIUM |
| Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | |||||
| CVE-2018-5237 | 1 Symantec | 1 Endpoint Protection | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | |||||