Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-5821 Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.
local
low complexity
symantec CWE-427
7.8
2020-02-11 CVE-2020-5820 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
7.8
2020-01-14 CVE-2016-6592 Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6.
local
low complexity
symantec CWE-427
7.8
2020-01-09 CVE-2016-5311 Uncontrolled Search Path Element vulnerability in Symantec products
A privilege escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to DLL preloading without path restrictions, which could let a local malicious user obtain system privileges.
local
low complexity
symantec CWE-427
7.8
2020-01-08 CVE-2016-6593 Untrusted Search Path vulnerability in Symantec VIP Access Desktop
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
local
low complexity
symantec CWE-426
7.8
2020-01-08 CVE-2016-6591 Incorrect Authorization vulnerability in Symantec Norton App Lock 1.0.3.186
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.
low complexity
symantec CWE-863
7.1
2020-01-08 CVE-2016-6590 Improper Privilege Management vulnerability in Symantec products
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
local
low complexity
symantec CWE-269
7.8
2019-12-11 CVE-2019-18379 Server-Side Request Forgery (SSRF) vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
network
low complexity
symantec CWE-918
7.3
2019-12-11 CVE-2019-18377 Unspecified vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
network
low complexity
symantec
7.2
2019-11-15 CVE-2019-18372 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
7.8