Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-08 CVE-2018-18364 Untrusted Search Path vulnerability in Symantec Ghost Solution Suite
Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine.
local
low complexity
symantec CWE-426
7.3
2019-01-24 CVE-2018-12237 OS Command Injection vulnerability in Symantec Reporter
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability.
network
low complexity
symantec CWE-78
7.2
2018-11-29 CVE-2018-12245 Untrusted Search Path vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker.
local
low complexity
symantec CWE-426
7.8
2018-11-29 CVE-2018-12238 Unspecified vulnerability in Symantec Endpoint Protection and Endpoint Protection Cloud
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.
local
low complexity
symantec
7.8
2018-09-19 CVE-2018-12243 XXE vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser.
low complexity
symantec CWE-611
8.8
2018-08-22 CVE-2018-5238 Uncontrolled Search Path Element vulnerability in Symantec Norton Power Eraser and Symdiag
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
local
low complexity
symantec CWE-427
7.8
2018-08-20 CVE-2018-5243 Resource Exhaustion vulnerability in Symantec Encryption Management Server
The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit.
network
low complexity
symantec CWE-400
7.5
2018-07-25 CVE-2018-5240 Unspecified vulnerability in Symantec Inventory 8.0/8.1
The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
low complexity
symantec
8.0
2018-06-20 CVE-2018-5237 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
network
low complexity
symantec
8.8
2018-04-30 CVE-2018-5234 Unspecified vulnerability in Symantec Norton Core Firmware
The Norton Core router prior to v237 may be susceptible to a command injection exploit.
low complexity
symantec
8.0