Vulnerabilities > Symantec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-01 | CVE-2019-9703 | Unspecified vulnerability in Symantec Endpoint Encryption Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 4.6 |
| 2019-07-01 | CVE-2019-9702 | Unspecified vulnerability in Symantec Endpoint Encryption Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 4.6 |
| 2019-06-19 | CVE-2019-9701 | Cross-site Scripting vulnerability in Symantec Data Loss Prevention DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 3.5 |
| 2019-05-08 | CVE-2019-9698 | Unspecified vulnerability in Symantec Antivirus Engine Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges. | 3.6 |
| 2019-04-25 | CVE-2018-18367 | Untrusted Search Path vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | 6.8 |
| 2019-04-25 | CVE-2018-18366 | Use of Uninitialized Resource vulnerability in Symantec products Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory. | 2.1 |
| 2019-04-25 | CVE-2018-12244 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | 6.8 |
| 2019-04-25 | CVE-2018-18369 | Untrusted Search Path vulnerability in Symantec products Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | 6.8 |
| 2019-04-10 | CVE-2019-9694 | Unspecified vulnerability in Symantec Endpoint Encryption Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
| 2019-04-09 | CVE-2019-9696 | Cross-site Scripting vulnerability in Symantec VIP Enterprise Gateway Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 4.3 |