Vulnerabilities > Symantec > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-16 | CVE-2017-6323 | XXE vulnerability in Symantec Management Console 7.6/8.0 The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 8.0 |
| 2018-04-16 | CVE-2016-9094 | Improper Input Validation vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. | 7.8 |
| 2018-04-16 | CVE-2016-9093 | Improper Input Validation vulnerability in Symantec Endpoint Protection A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. | 7.0 |
| 2017-11-06 | CVE-2017-6331 | Unspecified vulnerability in Symantec Endpoint Protection Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. | 7.1 |
| 2017-11-06 | CVE-2017-13681 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 7.8 |
| 2017-09-01 | CVE-2017-13674 | Unspecified vulnerability in Symantec Proxyclient 3.4 Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. | 7.8 |
| 2017-08-21 | CVE-2017-6329 | Uncontrolled Search Path Element vulnerability in Symantec VIP Access for Desktop 2.2.3 Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. | 7.8 |
| 2017-08-11 | CVE-2017-6328 | Cross-Site Request Forgery (CSRF) vulnerability in Symantec Message Gateway The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. | 8.8 |
| 2017-08-11 | CVE-2017-6327 | Unspecified vulnerability in Symantec Message Gateway The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | 8.8 |
| 2017-06-26 | CVE-2017-6324 | Unspecified vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. | 7.3 |