Vulnerabilities > Symantec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-22 | CVE-2018-12246 | Cross-site Scripting vulnerability in Symantec web Isolation 1.11 Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. | 6.1 |
| 2018-09-19 | CVE-2018-12243 | XXE vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 8.8 |
| 2018-09-19 | CVE-2018-12242 | Improper Authentication vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | 9.8 |
| 2018-08-29 | CVE-2018-12240 | Use of Hard-coded Credentials vulnerability in Symantec Norton Password Manager The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | 5.9 |
| 2018-08-22 | CVE-2018-5238 | Uncontrolled Search Path Element vulnerability in Symantec Norton Power Eraser and Symdiag Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | 7.8 |
| 2018-08-22 | CVE-2018-5235 | Uncontrolled Search Path Element vulnerability in Symantec Norton Utilities Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | 6.0 |
| 2018-08-20 | CVE-2018-5243 | Resource Exhaustion vulnerability in Symantec Encryption Management Server The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. | 7.5 |
| 2018-07-25 | CVE-2018-5240 | Unspecified vulnerability in Symantec Inventory 8.0/8.1 The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. low complexity symantec | 8.0 |
| 2018-07-16 | CVE-2018-5239 | Unspecified vulnerability in Symantec Norton APP Lock Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. low complexity symantec | 6.2 |
| 2018-06-20 | CVE-2018-5237 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 8.8 |