| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-37015 |
|
|
+Priv |
2022-11-08 |
2022-11-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
2 |
CVE-2022-25630 |
79 |
|
XSS |
2022-12-09 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An authenticated user can embed malicious content with XSS into the admin group policy page. |
|
3 |
CVE-2022-25629 |
79 |
|
XSS |
2022-12-09 |
2023-03-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). |
|
4 |
CVE-2022-25623 |
269 |
|
|
2022-03-04 |
2022-03-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. |
|
5 |
CVE-2020-12593 |
|
|
|
2020-11-18 |
2020-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. |
|
6 |
CVE-2020-5839 |
200 |
|
+Info |
2020-07-08 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. |
|
7 |
CVE-2020-5838 |
79 |
|
XSS |
2020-05-13 |
2020-05-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. |
|
8 |
CVE-2020-5837 |
59 |
|
|
2020-05-11 |
2020-05-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. |
|
9 |
CVE-2020-5836 |
269 |
|
|
2020-05-11 |
2021-07-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. |
|
10 |
CVE-2020-5835 |
362 |
|
|
2020-05-11 |
2020-05-14 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. |
|
11 |
CVE-2020-5834 |
22 |
|
Dir. Trav. |
2020-05-11 |
2020-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. |
|
12 |
CVE-2020-5833 |
125 |
|
|
2020-05-11 |
2020-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
13 |
CVE-2020-5832 |
269 |
|
+Priv |
2020-04-06 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
14 |
CVE-2020-5831 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
15 |
CVE-2020-5830 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
16 |
CVE-2020-5829 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
17 |
CVE-2020-5828 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
18 |
CVE-2020-5827 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
19 |
CVE-2020-5826 |
119 |
|
Overflow |
2020-02-11 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
20 |
CVE-2020-5825 |
269 |
|
|
2020-02-11 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges. |
|
21 |
CVE-2020-5824 |
|
|
DoS |
2020-02-11 |
2020-02-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable. |
|
22 |
CVE-2020-5823 |
269 |
|
+Priv |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
23 |
CVE-2020-5822 |
269 |
|
+Priv |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
24 |
CVE-2020-5821 |
74 |
|
Exec Code |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. |
|
25 |
CVE-2020-5820 |
269 |
|
+Priv |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
26 |
CVE-2019-19547 |
79 |
|
XSS Bypass |
2020-01-13 |
2023-01-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. |
|
27 |
CVE-2019-18380 |
287 |
|
|
2019-12-09 |
2019-12-17 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. |
|
28 |
CVE-2019-18379 |
918 |
|
|
2019-12-11 |
2019-12-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. |
|
29 |
CVE-2019-18378 |
79 |
|
XSS Bypass |
2019-12-11 |
2019-12-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. |
|
30 |
CVE-2019-18377 |
|
|
+Priv |
2019-12-11 |
2020-08-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
31 |
CVE-2019-18376 |
311 |
|
CSRF |
2020-04-10 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. |
|
32 |
CVE-2019-18373 |
|
|
Bypass |
2019-11-18 |
2019-11-20 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. |
|
33 |
CVE-2019-18372 |
|
|
+Priv |
2019-11-15 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
34 |
CVE-2019-12759 |
|
|
+Priv |
2019-11-15 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
35 |
CVE-2019-12758 |
427 |
|
Exec Code |
2019-11-15 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. |
|
36 |
CVE-2019-12757 |
|
|
+Priv |
2019-11-15 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
37 |
CVE-2019-12756 |
|
|
Bypass |
2019-11-15 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. |
|
38 |
CVE-2019-12755 |
200 |
|
+Info |
2019-09-17 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. |
|
39 |
CVE-2019-12754 |
79 |
|
XSS Bypass |
2019-08-30 |
2019-09-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. |
|
40 |
CVE-2019-12753 |
200 |
|
+Info |
2019-08-30 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users. |
|
41 |
CVE-2019-12752 |
276 |
|
Bypass |
2019-11-01 |
2019-11-07 |
4.1 |
None |
Local Network |
Low |
??? |
None |
Partial |
Partial |
|
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. |
|
42 |
CVE-2019-12751 |
|
|
+Priv |
2019-07-11 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
43 |
CVE-2019-12750 |
125 |
|
+Priv |
2019-07-31 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
44 |
CVE-2019-9703 |
|
|
+Priv |
2019-07-01 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. |
|
45 |
CVE-2019-9702 |
|
|
+Priv |
2019-07-01 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. |
|
46 |
CVE-2019-9701 |
79 |
|
XSS Bypass |
2019-06-19 |
2019-07-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. |
|
47 |
CVE-2019-9699 |
200 |
|
+Info |
2019-10-24 |
2021-07-21 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. |
|
48 |
CVE-2019-9698 |
|
|
|
2019-05-08 |
2020-08-24 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges. |
|
49 |
CVE-2019-9697 |
200 |
|
+Info |
2019-08-30 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. |
|
50 |
CVE-2019-9696 |
79 |
|
XSS Bypass |
2019-04-09 |
2019-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. |
