An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-19
Updated
2023-09-21
An authenticated user can embed malicious content with XSS into the admin group policy page.
Max CVSS
5.4
EPSS Score
0.05%
Published
2022-12-09
Updated
2023-04-10
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
Max CVSS
5.4
EPSS Score
0.05%
Published
2022-12-09
Updated
2023-03-01
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory.
Max CVSS
5.3
EPSS Score
0.07%
Published
2020-05-11
Updated
2020-05-14
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-02-11
Updated
2021-07-21
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.
Max CVSS
5.5
EPSS Score
0.12%
Published
2020-02-11
Updated
2021-07-21
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.
Max CVSS
5.5
EPSS Score
0.08%
Published
2020-02-11
Updated
2020-02-14
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
Max CVSS
5.9
EPSS Score
0.08%
Published
2020-04-10
Updated
2021-07-21
Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access.
Max CVSS
5.6
EPSS Score
0.05%
Published
2019-11-18
Updated
2019-11-20
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-09-17
Updated
2021-07-21
Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges.
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-05-08
Updated
2020-08-24
The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.
Max CVSS
5.9
EPSS Score
0.11%
Published
2018-08-29
Updated
2020-07-15
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
Max CVSS
5.3
EPSS Score
0.12%
Published
2018-06-20
Updated
2018-08-11
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
Max CVSS
5.7
EPSS Score
0.08%
Published
2017-12-20
Updated
2018-01-05
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Max CVSS
5.5
EPSS Score
0.05%
Published
2017-11-13
Updated
2019-10-03
In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
Max CVSS
5.7
EPSS Score
0.05%
Published
2017-10-23
Updated
2019-10-03
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code.
Max CVSS
5.7
EPSS Score
0.05%
Published
2017-10-23
Updated
2019-10-03
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-11-06
Updated
2019-10-03
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.
Max CVSS
5.4
EPSS Score
0.08%
Published
2020-01-08
Updated
2020-01-10
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-01-08
Updated
2020-01-13
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.
Max CVSS
5.3
EPSS Score
0.15%
Published
2020-01-08
Updated
2020-01-15
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
Max CVSS
5.5
EPSS Score
0.61%
Published
2017-04-14
Updated
2021-09-09
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
Max CVSS
5.5
EPSS Score
0.36%
Published
2017-04-14
Updated
2021-09-09
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
Max CVSS
5.3
EPSS Score
0.12%
Published
2016-06-30
Updated
2017-09-01
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.
Max CVSS
5.4
EPSS Score
0.25%
Published
2016-06-30
Updated
2017-09-01
99 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!