Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-13 CVE-2019-19547 Cross-site Scripting vulnerability in multiple products
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue.
network
low complexity
symantec fedoraproject CWE-79
6.1
2020-01-08 CVE-2016-6585 Improper Input Validation vulnerability in Symantec Norton Mobile Security
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.
network
high complexity
symantec CWE-20
5.3
2020-01-08 CVE-2016-6587 Information Exposure vulnerability in Symantec Norton Mobile Security
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.
local
low complexity
symantec CWE-200
5.5
2020-01-08 CVE-2016-6588 Cross-site Scripting vulnerability in Symantec IT Management Suite 8.0
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.
network
low complexity
symantec CWE-79
5.4
2020-01-08 CVE-2016-6589 Improper Input Validation vulnerability in Symantec IT Management Suite 8.0
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.
network
low complexity
symantec CWE-20
6.5
2019-12-11 CVE-2019-18378 Cross-site Scripting vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
low complexity
symantec CWE-79
4.8
2019-12-09 CVE-2019-18380 Improper Authentication vulnerability in Symantec Industrial Control System Protection 6.0.0
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
low complexity
symantec CWE-287
6.5
2019-11-18 CVE-2019-18373 Unspecified vulnerability in Symantec Norton APP Lock
Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit.
high complexity
symantec
5.6
2019-11-15 CVE-2019-12758 Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
local
low complexity
symantec CWE-427
6.7
2019-11-01 CVE-2019-12752 Incorrect Default Permissions vulnerability in Symantec Sonar
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system.
low complexity
symantec CWE-276
6.1