Vulnerabilities > Symantec > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-16 CVE-2017-6323 XXE vulnerability in Symantec Management Console 7.6/8.0
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser.
low complexity
symantec CWE-611
8.0
2018-04-16 CVE-2016-9094 Improper Input Validation vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality.
local
low complexity
symantec CWE-20
7.8
2018-04-16 CVE-2016-9093 Improper Input Validation vulnerability in Symantec Endpoint Protection
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input.
local
high complexity
symantec CWE-20
7.0
2017-11-06 CVE-2017-6331 Unspecified vulnerability in Symantec Endpoint Protection
Prior to SEP 14 RU1, the Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real-time protection for the application that is run on servers and clients.
local
low complexity
symantec
7.1
2017-11-06 CVE-2017-13681 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
local
low complexity
symantec
7.8
2017-09-01 CVE-2017-13674 Unspecified vulnerability in Symantec ProxyClient 3.4
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability.
local
low complexity
symantec
7.8
2017-08-21 CVE-2017-6329 Uncontrolled Search Path Element vulnerability in Symantec VIP Access for Desktop 2.2.3
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability.
local
low complexity
symantec CWE-427
7.8
2017-08-11 CVE-2017-6328 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross-site request forgery (also known as a one-click attack and abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
network
low complexity
symantec CWE-352
8.8
2017-08-11 CVE-2017-6327 Unspecified vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
network
low complexity
symantec
8.8
2017-06-26 CVE-2017-6324 Unspecified vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled.
network
low complexity
symantec
7.3