Vulnerabilities > Symantec

DATE CVE VULNERABILITY TITLE RISK
2020-01-14 CVE-2016-6592 Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6.
local
low complexity
symantec CWE-427
7.8
2020-01-13 CVE-2019-19547 Cross-site Scripting vulnerability in multiple products
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue.
network
low complexity
symantec fedoraproject CWE-79
6.1
2020-01-09 CVE-2016-5311 Uncontrolled Search Path Element vulnerability in Symantec products
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
local
low complexity
symantec CWE-427
7.8
2020-01-08 CVE-2016-6585 Improper Input Validation vulnerability in Symantec Norton Mobile Security
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.
network
high complexity
symantec CWE-20
5.3
2020-01-08 CVE-2016-6587 Information Exposure vulnerability in Symantec Norton Mobile Security
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.
local
low complexity
symantec CWE-200
5.5
2020-01-08 CVE-2016-6588 Cross-site Scripting vulnerability in Symantec IT Management Suite 8.0
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.
network
low complexity
symantec CWE-79
5.4
2020-01-08 CVE-2016-6586 Improper Input Validation vulnerability in Symantec Norton Mobile Security
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.
network
high complexity
symantec CWE-20
3.7
2020-01-08 CVE-2016-6593 Untrusted Search Path vulnerability in Symantec VIP Access Desktop
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
local
low complexity
symantec CWE-426
7.8
2020-01-08 CVE-2016-6591 Incorrect Authorization vulnerability in Symantec Norton APP Lock 1.0.3.186
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.
low complexity
symantec CWE-863
7.1
2020-01-08 CVE-2016-6590 Improper Privilege Management vulnerability in Symantec products
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
local
low complexity
symantec CWE-269
7.8