Filtered by vendor Symantec
Total: 571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12238 | 1 Symantec | 3 Endpoint Protection, Endpoint Protection Cloud, Norton Antivirus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. | |||||
CVE-2018-12237 | 1 Symantec | 1 Reporter | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges. | |||||
CVE-2017-6331 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. | |||||
CVE-2017-6330 | 1 Symantec | 1 Encryption Desktop | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests. | |||||
CVE-2017-6329 | 1 Symantec | 1 Vip Access For Desktop | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. | |||||
CVE-2017-6328 | 1 Symantec | 1 Message Gateway | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. | |||||
CVE-2017-6327 | 1 Symantec | 1 Message Gateway | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. | |||||
CVE-2017-6326 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | |||||
CVE-2017-6325 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. | |||||
CVE-2017-6324 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. | |||||
CVE-2017-6323 | 1 Symantec | 1 Management Console | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. | |||||
CVE-2017-15534 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. | |||||
CVE-2017-15532 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 5.5 MEDIUM | 5.7 MEDIUM |
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. | |||||
CVE-2017-15531 | 1 Symantec | 1 Reporter | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. | |||||
CVE-2017-15530 | 1 Symantec | 1 Norton Family | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. | |||||
CVE-2017-15529 | 1 Symantec | 1 Norton Family | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
CVE-2017-15527 | 1 Symantec | 1 Management Console | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
CVE-2017-15526 | 1 Symantec | 1 Endpoint Encryption | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. | |||||
CVE-2017-15525 | 1 Symantec | 1 Endpoint Encryption | 2024-11-21 | 5.5 MEDIUM | 4.5 MEDIUM |
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
CVE-2017-13683 | 1 Symantec | 1 Endpoint Encryption | 2024-11-21 | 2.3 LOW | 5.7 MEDIUM |
In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. |