Vulnerabilities > Symantec > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-08 | CVE-2018-18364 | Untrusted Search Path vulnerability in Symantec Ghost Solution Suite Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. | 7.3 |
| 2019-01-24 | CVE-2018-12237 | OS Command Injection vulnerability in Symantec Reporter The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. | 7.2 |
| 2018-11-29 | CVE-2018-12245 | Untrusted Search Path vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. | 7.8 |
| 2018-11-29 | CVE-2018-12238 | Unspecified vulnerability in Symantec Endpoint Protection and Endpoint Protection Cloud Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. | 7.8 |
| 2018-09-19 | CVE-2018-12243 | XXE vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 8.8 |
| 2018-08-22 | CVE-2018-5238 | Uncontrolled Search Path Element vulnerability in Symantec Norton Power Eraser and Symdiag Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | 7.8 |
| 2018-08-20 | CVE-2018-5243 | Resource Exhaustion vulnerability in Symantec Encryption Management Server The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. | 7.5 |
| 2018-07-25 | CVE-2018-5240 | Unspecified vulnerability in Symantec Inventory 8.0/8.1 The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. low complexity symantec | 8.0 |
| 2018-06-20 | CVE-2018-5237 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 8.8 |
| 2018-04-30 | CVE-2018-5234 | Unspecified vulnerability in Symantec Norton Core Firmware The Norton Core router prior to v237 may be susceptible to a command injection exploit. low complexity symantec | 8.0 |