Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-5242 Unspecified vulnerability in Symantec Norton APP Lock
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit.
local
low complexity
symantec
7.2
2018-04-30 CVE-2018-5234 Unspecified vulnerability in Symantec Norton Core Firmware
The Norton Core router prior to v237 may be susceptible to a command injection exploit.
low complexity
symantec
8.3
2018-03-26 CVE-2017-15534 Improper Authentication vulnerability in Symantec Norton APP Lock
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit.
local
low complexity
symantec CWE-287
7.2
2017-09-01 CVE-2017-13674 Unspecified vulnerability in Symantec Proxyclient 3.4
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability.
local
low complexity
symantec
7.2
2017-08-11 CVE-2017-6327 Unspecified vulnerability in Symantec Message Gateway
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
network
low complexity
symantec
8.8
2017-06-26 CVE-2017-6324 Security Bypass vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled.
network
low complexity
symantec
7.5
2016-07-12 CVE-2016-5308 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Client Intrusion Detection System
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.
7.1
2016-05-14 CVE-2015-8156 Local Privilege Escalation vulnerability in Symantec Endpoint Encryption 11.0/11.0.0/11.0.1
Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.
local
low complexity
symantec
7.2
2016-03-18 CVE-2015-8153 SQL Injection vulnerability in Symantec Endpoint Protection Manager
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
8.3
2016-03-18 CVE-2015-8152 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
network
symantec CWE-352
8.5