Symantec : Security Vulnerabilities (CVSS score between 3 and 3.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2019-12754	79	XSS Bypass	2019-08-30	2019-09-03	3.5	None	Remote	Medium	Single system	None	Partial	None
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.
2	CVE-2019-9701	79	XSS Bypass	2019-06-19	2019-07-03	3.5	None	Remote	Medium	Single system	None	Partial	None
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
3	CVE-2018-5236	362		2018-06-20	2018-08-11	3.5	None	Remote	Medium	Single system	None	None	Partial
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
4	CVE-2017-13680			2017-11-06	2019-10-02	3.6	None	Local	Low	Not required	None	Partial	Partial
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
5	CVE-2017-6331		Bypass	2017-11-06	2019-10-02	3.6	None	Local	Low	Not required	None	Partial	Partial
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
6	CVE-2016-5305	79	XSS	2016-06-30	2017-08-31	3.5	None	Remote	Medium	Single system	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.
7	CVE-2016-3652	79	XSS	2016-06-30	2017-09-02	3.5	None	Remote	Medium	Single system	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
8	CVE-2016-2206	264		2016-07-11	2017-08-31	3.3	None	Local Network	Low	Not required	Partial	None	None
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
9	CVE-2015-8801	284	Bypass	2016-06-30	2017-08-31	3.3	None	Local	Medium	Not required	Partial	Partial	None
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
10	CVE-2015-6549	79	XSS	2015-10-05	2016-12-09	3.5	None	Remote	Medium	Single system	None	Partial	None
Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
11	CVE-2014-9224	79	XSS	2015-01-21	2018-10-09	3.5	None	Remote	Medium	Single system	None	Partial	None
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
12	CVE-2013-1611	79	XSS	2013-05-09	2013-05-10	3.5	None	Remote	Medium	Single system	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
13	CVE-2012-3581	200	+Info	2012-08-29	2013-10-10	3.3	None	Local Network	Low	Not required	Partial	None	None
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
14	CVE-2012-0300	264	+Info	2012-07-05	2012-07-17	3.3	None	Local Network	Low	Not required	Partial	None	None
Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors.
15	CVE-2010-0109	119	DoS Overflow	2018-02-19	2018-03-18	3.3	None	Local Network	Low	Not required	None	None	Partial
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.
16	CVE-2009-3029	79	XSS	2009-10-15	2013-02-06	3.5	None	Remote	Medium	Single system	None	Partial	None
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
17	CVE-2008-2288	264	DoS +Info	2008-05-18	2017-08-07	3.6	None	Local	Low	Not required	None	Partial	Partial
Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information.
18	CVE-2006-4266		+Priv	2006-08-21	2018-10-17	3.6	None	Local	Low	Not required	Partial	Partial	None
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
19	CVE-2006-3786			2006-07-24	2018-10-17	3.6	None	Local	Low	Not required	Partial	Partial	None
Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
20	CVE-2006-1285			2006-03-19	2008-09-05	3.2	None	Local	Low	Single system	Partial	Partial	None
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.
21	CVE-2004-0217			2004-04-15	2017-07-10	3.7	User	Local	High	Not required	Partial	Partial	Partial
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

Total number of vulnerabilities : 21 Page : 1 (This Page)