Vulnerabilities > Symantec
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-14 | CVE-2016-6592 | Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. | 4.6 |
2020-01-13 | CVE-2019-19547 | Cross-site Scripting vulnerability in multiple products Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. | 6.1 |
2020-01-09 | CVE-2016-5311 | Uncontrolled Search Path Element vulnerability in Symantec products A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 6.9 |
2020-01-08 | CVE-2016-6585 | Improper Input Validation vulnerability in Symantec Norton Mobile Security A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | 3.5 |
2020-01-08 | CVE-2016-6587 | Information Exposure vulnerability in Symantec Norton Mobile Security An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. | 2.1 |
2020-01-08 | CVE-2016-6588 | Cross-site Scripting vulnerability in Symantec IT Management Suite 8.0 A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | 3.5 |
2020-01-08 | CVE-2016-6586 | Improper Input Validation vulnerability in Symantec Norton Mobile Security A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | 4.3 |
2020-01-08 | CVE-2016-6593 | Untrusted Search Path vulnerability in Symantec VIP Access Desktop A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | 4.4 |
2020-01-08 | CVE-2016-6591 | Incorrect Authorization vulnerability in Symantec Norton APP Lock 1.0.3.186 A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 3.3 |
2020-01-08 | CVE-2016-6590 | Improper Privilege Management vulnerability in Symantec products A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | 4.4 |