Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-08-05 CVE-2013-4679 Buffer Errors vulnerability in Symantec Workspace Virtualization 6.4.1895.0
Symantec Workspace Virtualization 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.
6.6
2013-08-05 CVE-2013-4677 Permissions, Privileges, and Access Controls vulnerability in Symantec Backup Exec 2010/2010R3/2012
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.
local
low complexity
symantec CWE-264
4.3
2013-08-05 CVE-2013-4676 Cross-Site Scripting vulnerability in Symantec Backup Exec 2010R3/2012
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.
network
symantec CWE-79
4.3
2013-08-05 CVE-2013-1610 Local Privilege Escalation vulnerability in Symantec Encryption Desktop
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.
local
low complexity
symantec
6.8
2013-08-01 CVE-2013-4673 Improper Input Validation vulnerability in Symantec products
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.
low complexity
symantec CWE-20
5.8
2013-08-01 CVE-2013-4671 Cross-Site Request Forgery (CSRF) vulnerability in Symantec products
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
network
symantec CWE-352
6.0
2013-08-01 CVE-2013-4670 Cross-Site Scripting vulnerability in Symantec products
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
symantec CWE-79
4.3
2013-07-31 CVE-2013-4674 Cross-Site Scripting vulnerability in Symantec Encryption Management Server and PGP Universal Server
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
network
symantec CWE-79
4.3
2013-07-08 CVE-2013-1614 Cross-Site Scripting vulnerability in Symantec products
Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
symantec CWE-79
4.3
2013-07-08 CVE-2013-1613 SQL Injection vulnerability in Symantec products
SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
low complexity
symantec CWE-89
4.7