Vulnerabilities > Symantec

DATE CVE VULNERABILITY TITLE RISK
2022-12-09 CVE-2022-25629 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
network
low complexity
symantec CWE-79
5.4
2022-12-09 CVE-2022-25630 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user can embed malicious content with XSS into the admin group policy page.
network
low complexity
symantec CWE-79
5.4
2022-11-08 CVE-2022-37015 Unspecified vulnerability in Symantec Endpoint Detection and Response
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
network
low complexity
symantec
critical
9.8
2022-03-04 CVE-2022-25623 Improper Privilege Management vulnerability in Symantec Management Agent 8.5/8.6
The Symantec Management Agent is susceptible to a privilege escalation vulnerability.
local
low complexity
symantec CWE-269
7.2
2021-04-27 CVE-2021-30642 OS Command Injection vulnerability in Symantec Security Analytics 7.2.1/7.2.2/7.2.3
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
network
low complexity
symantec CWE-78
critical
10.0
2020-11-18 CVE-2020-12593 Unspecified vulnerability in Symantec Endpoint Detection and Response
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
network
low complexity
symantec
5.0
2020-07-08 CVE-2020-5839 Information Exposure vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0/4.3.0
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
network
low complexity
symantec CWE-200
5.0
2020-05-13 CVE-2020-5838 Cross-site Scripting vulnerability in Symantec IT Analytics
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users.
network
symantec CWE-79
3.5
2020-05-11 CVE-2020-5837 Link Following vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
local
low complexity
symantec CWE-59
4.6
2020-05-11 CVE-2020-5836 Improper Privilege Management vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
4.4