Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-06-21 CVE-2014-3431 Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Desktop and PGP Desktop
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
local
low complexity
symantec apple CWE-264
4.3
2014-06-18 CVE-2014-1651 SQL Injection vulnerability in Symantec Web Gateway
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
low complexity
symantec CWE-89
5.8
2014-06-18 CVE-2014-1650 SQL Injection vulnerability in Symantec Web Gateway
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
low complexity
symantec CWE-89
5.2
2014-04-23 CVE-2014-1648 Cross-Site Scripting vulnerability in Symantec Messaging Gateway
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
network
symantec CWE-79
4.3
2014-02-14 CVE-2013-5015 SQL Injection vulnerability in Symantec Endpoint Protection Manager and Protection Center
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
6.5
2014-02-11 CVE-2013-5013 Cross-Site Scripting vulnerability in Symantec Web Gateway
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.
network
symantec CWE-79
4.3
2014-02-11 CVE-2013-5012 SQL Injection vulnerability in Symantec Web Gateway
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
6.5
2014-02-07 CVE-2014-1643 Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Management Server 3.3.0/3.3.1
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
network
low complexity
symantec CWE-264
4.0
2014-01-10 CVE-2013-5010 Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom policies, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
local
low complexity
symantec CWE-264
4.6
2013-10-10 CVE-2013-5008 Information Exposure vulnerability in Symantec Management Platform 7.0/7.1
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key.
local
low complexity
symantec CWE-200
4.6