Vulnerabilities > Symantec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-20 | CVE-2018-5236 | Race Condition vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). | 5.3 |
| 2018-06-13 | CVE-2018-5242 | Unspecified vulnerability in Symantec Norton APP Lock Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. low complexity symantec | 6.2 |
| 2018-04-30 | CVE-2018-5234 | Unspecified vulnerability in Symantec Norton Core Firmware The Norton Core router prior to v237 may be susceptible to a command injection exploit. low complexity symantec | 8.0 |
| 2018-04-16 | CVE-2017-6323 | XXE vulnerability in Symantec Management Console 7.6/8.0 The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 8.0 |
| 2018-04-16 | CVE-2016-9094 | Improper Input Validation vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. | 7.8 |
| 2018-04-16 | CVE-2016-9093 | Improper Input Validation vulnerability in Symantec Endpoint Protection A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. | 7.0 |
| 2018-03-26 | CVE-2017-15534 | Improper Authentication vulnerability in Symantec Norton APP Lock The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. | 6.7 |
| 2018-02-19 | CVE-2011-3477 | Improper Input Validation vulnerability in Symantec products GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | 5.5 |
| 2018-02-19 | CVE-2010-0109 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Altiris Deployment Solution DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request. | 6.5 |
| 2018-01-23 | CVE-2017-15531 | Improper Authentication vulnerability in Symantec Reporter 10.1/9.5 Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. | 9.8 |