Vulnerabilities > Symantec > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-08 | CVE-2016-6585 | Improper Input Validation vulnerability in Symantec Norton Mobile Security A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | 3.5 |
| 2020-01-08 | CVE-2016-6587 | Information Exposure vulnerability in Symantec Norton Mobile Security An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. | 2.1 |
| 2020-01-08 | CVE-2016-6588 | Cross-site Scripting vulnerability in Symantec IT Management Suite 8.0 A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | 3.5 |
| 2020-01-08 | CVE-2016-6591 | Incorrect Authorization vulnerability in Symantec Norton APP Lock 1.0.3.186 A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 3.3 |
| 2019-12-11 | CVE-2019-18378 | Cross-site Scripting vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 3.5 |
| 2019-12-09 | CVE-2019-18380 | Improper Authentication vulnerability in Symantec Industrial Control System Protection 6.0.0 Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. | 3.3 |
| 2019-11-15 | CVE-2019-12756 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. | 2.1 |
| 2019-10-24 | CVE-2019-9699 | Information Exposure vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 2.7 |
| 2019-09-17 | CVE-2019-12755 | Information Exposure vulnerability in Symantec Norton Password Manager Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. | 2.1 |
| 2019-08-30 | CVE-2019-12754 | Cross-site Scripting vulnerability in Symantec VIP Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | 3.5 |