Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-9699 Unspecified vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
low complexity
symantec
4.5
2019-09-17 CVE-2019-12755 Unspecified vulnerability in Symantec Norton Password Manager
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
local
low complexity
symantec
5.5
2019-08-30 CVE-2019-9697 Unspecified vulnerability in Symantec Management Center 2.0/2.1/2.2
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
network
low complexity
symantec
6.5
2019-08-30 CVE-2019-12754 Cross-site Scripting vulnerability in Symantec VIP
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.
network
low complexity
symantec CWE-79
4.8
2019-08-30 CVE-2019-12753 Unspecified vulnerability in Symantec Reporter 10.3/10.3.1.1/10.3.2.1
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access.
network
low complexity
symantec
4.9
2019-06-19 CVE-2019-9701 Cross-site Scripting vulnerability in Symantec Data Loss Prevention
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
low complexity
symantec CWE-79
4.8
2019-05-08 CVE-2019-9698 Unspecified vulnerability in Symantec Antivirus Engine
Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges.
local
low complexity
symantec
5.5
2019-04-25 CVE-2018-18366 Use of Uninitialized Resource vulnerability in Symantec products
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
local
low complexity
symantec CWE-908
6.5
2019-04-25 CVE-2018-12244 Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
network
low complexity
symantec CWE-1236
6.3
2019-04-09 CVE-2019-9696 Cross-site Scripting vulnerability in Symantec VIP Enterprise Gateway
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
low complexity
symantec CWE-79
6.1