Filtered by vendor Symantec
Total: 571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-13682 | 1 Symantec | 1 Encryption Desktop | 2024-11-21 | 2.3 LOW | 5.7 MEDIUM |
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. | |||||
CVE-2017-13681 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. | |||||
CVE-2017-13680 | 2 Microsoft, Symantec | 2 Windows, Endpoint Protection | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1, a Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. | |||||
CVE-2017-13679 | 1 Symantec | 1 Encryption Desktop | 2024-11-21 | 1.4 LOW | 4.2 MEDIUM |
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
CVE-2017-13675 | 1 Symantec | 1 Endpoint Encryption | 2024-11-21 | 2.3 LOW | 4.2 MEDIUM |
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
CVE-2017-13674 | 1 Symantec | 1 Proxyclient | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | |||||
CVE-2016-9094 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client. | |||||
CVE-2016-9093 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine. | |||||
CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | |||||
CVE-2016-6593 | 1 Symantec | 1 Vip Access Desktop | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | |||||
CVE-2016-6592 | 1 Symantec | 1 Norton Download Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. | |||||
CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 3.3 LOW | 7.1 HIGH |
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | |||||
CVE-2016-6590 | 1 Symantec | 4 Encryption Desktop, Endpoint Encryption, Ghost Solution Suite and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | |||||
CVE-2016-6589 | 1 Symantec | 1 It Management Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | |||||
CVE-2016-6588 | 1 Symantec | 1 It Management Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | |||||
CVE-2016-6587 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. | |||||
CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | |||||
CVE-2016-6585 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | |||||
CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||
CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. |