Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-29 CVE-2019-9695 Unspecified vulnerability in Symantec Norton Core Firmware
Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process.
low complexity
symantec
6.8
2019-01-24 CVE-2018-18363 Unspecified vulnerability in Symantec Norton APP Lock
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit.
low complexity
symantec
6.2
2018-12-06 CVE-2018-18362 Cross-site Scripting vulnerability in Symantec Norton Password Manager
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
low complexity
symantec CWE-79
6.1
2018-11-29 CVE-2018-12239 Unspecified vulnerability in Symantec Endpoint Protection and Endpoint Protection Cloud
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.
low complexity
symantec
6.8
2018-11-27 CVE-2018-12241 Cross-site Scripting vulnerability in Symantec Security Analytics
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability.
network
low complexity
symantec CWE-79
6.1
2018-10-22 CVE-2018-12246 Cross-site Scripting vulnerability in Symantec web Isolation 1.11
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability.
network
low complexity
symantec CWE-79
6.1
2018-08-29 CVE-2018-12240 Use of Hard-coded Credentials vulnerability in Symantec Norton Password Manager
The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.
network
high complexity
symantec CWE-798
5.9
2018-08-22 CVE-2018-5235 Uncontrolled Search Path Element vulnerability in Symantec Norton Utilities
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
high complexity
symantec CWE-427
6.0
2018-07-16 CVE-2018-5239 Unspecified vulnerability in Symantec Norton APP Lock
Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit.
low complexity
symantec
6.2
2018-06-20 CVE-2018-5236 Race Condition vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard).
network
high complexity
symantec CWE-362
5.3