Vulnerabilities > Symantec > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-24 | CVE-2019-9699 | Unspecified vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. low complexity symantec | 4.5 |
| 2019-09-17 | CVE-2019-12755 | Unspecified vulnerability in Symantec Norton Password Manager Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. | 5.5 |
| 2019-08-30 | CVE-2019-9697 | Unspecified vulnerability in Symantec Management Center 2.0/2.1/2.2 An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. | 6.5 |
| 2019-08-30 | CVE-2019-12754 | Cross-site Scripting vulnerability in Symantec VIP Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | 4.8 |
| 2019-08-30 | CVE-2019-12753 | Unspecified vulnerability in Symantec Reporter 10.3/10.3.1.1/10.3.2.1 An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. | 4.9 |
| 2019-06-19 | CVE-2019-9701 | Cross-site Scripting vulnerability in Symantec Data Loss Prevention DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 4.8 |
| 2019-05-08 | CVE-2019-9698 | Unspecified vulnerability in Symantec Antivirus Engine Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges. | 5.5 |
| 2019-04-25 | CVE-2018-18366 | Use of Uninitialized Resource vulnerability in Symantec products Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory. | 6.5 |
| 2019-04-25 | CVE-2018-12244 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | 6.3 |
| 2019-04-09 | CVE-2019-9696 | Cross-site Scripting vulnerability in Symantec VIP Enterprise Gateway Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 6.1 |