Vulnerabilities > Symantec > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-23958 | Unspecified vulnerability in Symantec Protection Engine Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 6.5 |
| 2023-09-19 | CVE-2023-23957 | Open Redirect vulnerability in Symantec Identity Portal 14.4 An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | 5.4 |
| 2022-12-09 | CVE-2022-25629 | Cross-site Scripting vulnerability in Symantec Messaging Gateway An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | 5.4 |
| 2022-12-09 | CVE-2022-25630 | Cross-site Scripting vulnerability in Symantec Messaging Gateway An authenticated user can embed malicious content with XSS into the admin group policy page. | 5.4 |
| 2020-11-18 | CVE-2020-12593 | Unspecified vulnerability in Symantec Endpoint Detection and Response Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 5.0 |
| 2020-07-08 | CVE-2020-5839 | Information Exposure vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0/4.3.0 Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 5.0 |
| 2020-05-11 | CVE-2020-5837 | Link Following vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1 Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 4.6 |
| 2020-05-11 | CVE-2020-5836 | Improper Privilege Management vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1 Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | 4.4 |
| 2020-05-11 | CVE-2020-5835 | Race Condition vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | 4.4 |
| 2020-05-11 | CVE-2020-5834 | Path Traversal vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | 5.0 |