Filtered by vendor Symantec
Subscriptions
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9694 | 1 Symantec | 1 Endpoint Encryption | 2024-11-21 | N/A |
| Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-19547 | 2 Fedoraproject, Symantec | 2 Fedora, Endpoint Detection And Response | 2024-11-21 | 6.1 Medium |
| Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | ||||
| CVE-2019-18380 | 1 Symantec | 1 Industrial Control System Protection | 2024-11-21 | 6.5 Medium |
| Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | ||||
| CVE-2019-18379 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 7.3 High |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | ||||
| CVE-2019-18378 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 4.8 Medium |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | ||||
| CVE-2019-18377 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 7.2 High |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-18376 | 1 Symantec | 1 Management Center | 2024-11-21 | 5.9 Medium |
| A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. | ||||
| CVE-2019-18373 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 5.6 Medium |
| Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. | ||||
| CVE-2019-18372 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12759 | 1 Symantec | 2 Endpoint Protection Manager, Mail Security | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12758 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 6.7 Medium |
| Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | ||||
| CVE-2019-12757 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12756 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 2.3 Low |
| Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. | ||||
| CVE-2019-12755 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 5.5 Medium |
| Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. | ||||
| CVE-2019-12754 | 1 Symantec | 1 Vip | 2024-11-21 | N/A |
| Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | ||||
| CVE-2019-12753 | 1 Symantec | 1 Reporter | 2024-11-21 | N/A |
| An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. | ||||
| CVE-2019-12752 | 1 Symantec | 1 Sonar | 2024-11-21 | 6.1 Medium |
| The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | ||||
| CVE-2019-12751 | 1 Symantec | 1 Message Gateway | 2024-11-21 | N/A |
| Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12750 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | N/A |
| Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2018-5243 | 1 Symantec | 1 Encryption Management Server | 2024-11-21 | N/A |
| The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | ||||