Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-23958 Unspecified vulnerability in Symantec Protection Engine
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.
network
low complexity
symantec
6.5
2023-09-19 CVE-2023-23957 Open Redirect vulnerability in Symantec Identity Portal 14.4
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4
network
low complexity
symantec CWE-601
5.4
2022-12-09 CVE-2022-25629 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
network
low complexity
symantec CWE-79
5.4
2022-12-09 CVE-2022-25630 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user can embed malicious content with XSS into the admin group policy page.
network
low complexity
symantec CWE-79
5.4
2020-11-18 CVE-2020-12593 Unspecified vulnerability in Symantec Endpoint Detection and Response
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
network
low complexity
symantec
5.0
2020-07-08 CVE-2020-5839 Information Exposure vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0/4.3.0
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
network
low complexity
symantec CWE-200
5.0
2020-05-11 CVE-2020-5837 Link Following vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
local
low complexity
symantec CWE-59
4.6
2020-05-11 CVE-2020-5836 Improper Privilege Management vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
4.4
2020-05-11 CVE-2020-5835 Race Condition vulnerability in Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.
4.4
2020-05-11 CVE-2020-5834 Path Traversal vulnerability in Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory.
network
low complexity
symantec CWE-22
5.0