Vulnerabilities > Symantec > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-10 | CVE-2017-13675 | Unspecified vulnerability in Symantec Endpoint Encryption A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | 2.3 |
2017-10-10 | CVE-2017-13679 | Unspecified vulnerability in Symantec Encryption Desktop A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. high complexity symantec | 1.4 |
2016-07-12 | CVE-2016-2206 | Permissions, Privileges, and Access Controls vulnerability in Symantec Workspace Streaming and Workspace Virtualization The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | 3.3 |
2016-06-30 | CVE-2015-8801 | Improper Access Control vulnerability in Symantec Endpoint Protection Manager 12.1.6 Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | 3.3 |
2016-06-30 | CVE-2016-3652 | Cross-site Scripting vulnerability in Symantec Endpoint Protection Manager 12.1.6 Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2016-06-30 | CVE-2016-5305 | Cross-site Scripting vulnerability in Symantec Endpoint Protection Manager 12.1.6 Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. | 3.5 |
2016-04-22 | CVE-2016-2203 | Credentials Management vulnerability in Symantec Messaging Gateway 10.6.0 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | 2.1 |
2016-04-20 | CVE-2016-2202 | Permissions, Privileges, and Access Controls vulnerability in Symantec Altiris IT Management Suite 7.6 The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | 2.1 |
2015-12-18 | CVE-2015-6556 | Information Exposure vulnerability in Symantec Endpoint Encryption EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | 2.3 |
2015-10-06 | CVE-2015-6549 | Cross-site Scripting vulnerability in Symantec Netbackup Opscenter Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |