Vulnerabilities > Symantec > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-08 | CVE-2016-6593 | Untrusted Search Path vulnerability in Symantec VIP Access Desktop A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | 4.4 |
| 2020-01-08 | CVE-2016-6590 | Improper Privilege Management vulnerability in Symantec products A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | 4.4 |
| 2020-01-08 | CVE-2016-6589 | Improper Input Validation vulnerability in Symantec IT Management Suite 8.0 A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | 4.0 |
| 2019-12-11 | CVE-2019-18377 | Unspecified vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.5 |
| 2019-11-18 | CVE-2019-18373 | Unspecified vulnerability in Symantec Norton APP Lock Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. local symantec | 4.4 |
| 2019-11-15 | CVE-2019-12757 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
| 2019-11-15 | CVE-2018-18368 | Improper Privilege Management vulnerability in Symantec Endpoint Protection Manager Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
| 2019-11-01 | CVE-2019-12752 | Incorrect Default Permissions vulnerability in Symantec Sonar The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system. | 4.1 |
| 2019-08-30 | CVE-2019-9697 | Information Exposure vulnerability in Symantec Management Center 2.0/2.1/2.2 An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. | 4.0 |
| 2019-08-30 | CVE-2019-12753 | Information Exposure vulnerability in Symantec Reporter 10.3/10.3.1.1/10.3.2.1 An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. | 4.0 |