Vulnerabilities > Symantec

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2020-11-18 | CVE-2020-12593 | Unspecified vulnerability in Symantec Endpoint Detection and Response | Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | network | low complexity | symantec | 5.0 |
| 2020-07-08 | CVE-2020-5839 | Information Exposure vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0/4.3.0 | Symantec Endpoint Detection and Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | network | low complexity | symantec CWE-200 | 5.0 |
| 2020-05-13 | CVE-2020-5838 | Cross-Site Scripting vulnerability in Symantec IT Analytics | Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | network | | symantec CWE-79 | 3.5 |
| 2020-05-11 | CVE-2020-5837 | Link Following vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1 | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | local | low complexity | symantec CWE-59 | 4.6 |
| 2020-05-11 | CVE-2020-5836 | Improper Privilege Management vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1 | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | | | | 4.4 |
| 2020-05-11 | CVE-2020-5835 | Race Condition vulnerability in Symantec Endpoint Protection Manager | Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | | | | 4.4 |
| 2020-05-11 | CVE-2020-5834 | Path Traversal vulnerability in Symantec Endpoint Protection Manager | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | network | low complexity | symantec CWE-22 | 5.0 |
| 2020-05-11 | CVE-2020-5833 | Out-Of-Bounds Read vulnerability in Symantec Endpoint Protection Manager | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | local | low complexity | symantec CWE-125 | 2.1 |
| 2020-04-10 | CVE-2019-18376 | Missing Encryption of Sensitive Data vulnerability in Symantec Management Center 2.2/2.3/2.4 | A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. | network | | symantec CWE-311 | 4.3 |
| 2020-04-10 | CVE-2019-18375 | Unspecified vulnerability in Symantec Advanced Secure Gateway and ProxySG | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. | network | low complexity | symantec | 6.4 |