Vulnerabilities > Symantec > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-13 | CVE-2018-5242 | Unspecified vulnerability in Symantec Norton APP Lock Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. | 7.2 |
| 2018-04-30 | CVE-2018-5234 | Unspecified vulnerability in Symantec Norton Core Firmware The Norton Core router prior to v237 may be susceptible to a command injection exploit. low complexity symantec | 8.3 |
| 2018-03-26 | CVE-2017-15534 | Improper Authentication vulnerability in Symantec Norton APP Lock The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. | 7.2 |
| 2017-09-01 | CVE-2017-13674 | Unspecified vulnerability in Symantec Proxyclient 3.4 Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. | 7.2 |
| 2017-08-11 | CVE-2017-6327 | Unspecified vulnerability in Symantec Message Gateway The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | 8.8 |
| 2017-06-26 | CVE-2017-6324 | Security Bypass vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. | 7.5 |
| 2016-07-12 | CVE-2016-5308 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Client Intrusion Detection System The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | 7.1 |
| 2016-05-14 | CVE-2015-8156 | Local Privilege Escalation vulnerability in Symantec Endpoint Encryption 11.0/11.0.0/11.0.1 Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | 7.2 |
| 2016-03-18 | CVE-2015-8153 | SQL Injection vulnerability in Symantec Endpoint Protection Manager SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.3 |
| 2016-03-18 | CVE-2015-8152 | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1 Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | 8.5 |