Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2016-6593 Untrusted Search Path vulnerability in Symantec VIP Access Desktop
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
4.4
2020-01-08 CVE-2016-6590 Improper Privilege Management vulnerability in Symantec products
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
4.4
2020-01-08 CVE-2016-6589 Improper Input Validation vulnerability in Symantec IT Management Suite 8.0
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.
network
low complexity
symantec CWE-20
4.0
2019-12-11 CVE-2019-18377 Unspecified vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
network
low complexity
symantec
6.5
2019-11-18 CVE-2019-18373 Unspecified vulnerability in Symantec Norton APP Lock
Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit.
local
symantec
4.4
2019-11-15 CVE-2019-12757 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
4.6
2019-11-15 CVE-2018-18368 Improper Privilege Management vulnerability in Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-269
4.6
2019-11-01 CVE-2019-12752 Incorrect Default Permissions vulnerability in Symantec Sonar
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system.
low complexity
symantec CWE-276
4.1
2019-08-30 CVE-2019-9697 Information Exposure vulnerability in Symantec Management Center 2.0/2.1/2.2
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
network
low complexity
symantec CWE-200
4.0
2019-08-30 CVE-2019-12753 Information Exposure vulnerability in Symantec Reporter 10.3/10.3.1.1/10.3.2.1
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access.
network
low complexity
symantec CWE-200
4.0