Vulnerabilities > Symantec > Low

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2016-6585 Improper Input Validation vulnerability in Symantec Norton Mobile Security
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.
network
symantec CWE-20
3.5
2020-01-08 CVE-2016-6587 Information Exposure vulnerability in Symantec Norton Mobile Security
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.
local
low complexity
symantec CWE-200
2.1
2020-01-08 CVE-2016-6588 Cross-site Scripting vulnerability in Symantec IT Management Suite 8.0
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.
network
symantec CWE-79
3.5
2020-01-08 CVE-2016-6591 Incorrect Authorization vulnerability in Symantec Norton APP Lock 1.0.3.186
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.
3.3
2019-12-11 CVE-2019-18378 Cross-site Scripting vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
symantec CWE-79
3.5
2019-12-09 CVE-2019-18380 Improper Authentication vulnerability in Symantec Industrial Control System Protection 6.0.0
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
low complexity
symantec CWE-287
3.3
2019-11-15 CVE-2019-12756 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
local
low complexity
symantec
2.1
2019-10-24 CVE-2019-9699 Information Exposure vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
low complexity
symantec CWE-200
2.7
2019-09-17 CVE-2019-12755 Information Exposure vulnerability in Symantec Norton Password Manager
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
local
low complexity
symantec CWE-200
2.1
2019-08-30 CVE-2019-12754 Cross-site Scripting vulnerability in Symantec VIP
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.
network
symantec CWE-79
3.5