Vulnerabilities > Symantec > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-21 | CVE-2014-9224 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-06-18 | CVE-2014-1652 | Cross-Site Scripting vulnerability in Symantec web Gateway Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters. | 2.3 |
| 2014-04-23 | CVE-2014-1646 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Encryption Desktop and PGP Desktop Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | 2.6 |
| 2014-04-23 | CVE-2014-1647 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Encryption Desktop and PGP Desktop Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate. | 2.6 |
| 2013-08-05 | CVE-2013-4678 | Information Exposure vulnerability in Symantec Backup Exec 2010/2010R3/2012 The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors. | 2.7 |
| 2013-07-08 | CVE-2013-1615 | Information Exposure vulnerability in Symantec products The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls. | 2.9 |
| 2013-05-09 | CVE-2013-1611 | Cross-Site Scripting vulnerability in Symantec Brightmail Gateway 9.5/9.5.1 Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2012-09-04 | CVE-2012-3582 | Permissions, Privileges, and Access Controls vulnerability in Symantec PGP Universal Server 3.2.0/3.2.1 Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. | 2.9 |
| 2012-08-29 | CVE-2012-3581 | Information Exposure vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | 3.3 |
| 2012-07-05 | CVE-2012-0300 | Permissions, Privileges, and Access Controls vulnerability in Symantec Message Filter Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. | 3.3 |