Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-10 CVE-2019-18376 Missing Encryption of Sensitive Data vulnerability in Symantec Management Center 2.2/2.3/2.4
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
network
symantec CWE-311
4.3
2020-04-06 CVE-2020-5832 Improper Privilege Management vulnerability in Symantec Data Center Security 6.8.1
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-269
4.6
2020-02-11 CVE-2020-5823 Improper Privilege Management vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-269
4.6
2020-02-11 CVE-2020-5822 Improper Privilege Management vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-269
4.6
2020-02-11 CVE-2020-5821 Injection vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.
local
low complexity
symantec CWE-74
4.6
2020-02-11 CVE-2020-5820 Improper Privilege Management vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-269
4.6
2020-01-14 CVE-2016-6592 Uncontrolled Search Path Element vulnerability in Symantec Norton Download Manager
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6.
local
low complexity
symantec CWE-427
4.6
2020-01-13 CVE-2019-19547 Cross-site Scripting vulnerability in multiple products
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue.
network
low complexity
symantec fedoraproject CWE-79
6.1
2020-01-09 CVE-2016-5311 Uncontrolled Search Path Element vulnerability in Symantec products
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
6.9
2020-01-08 CVE-2016-6586 Improper Input Validation vulnerability in Symantec Norton Mobile Security
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.
network
symantec CWE-20
4.3