Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-31 CVE-2019-12750 Out-of-bounds Read vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-125
4.6
2019-07-01 CVE-2019-9703 Unspecified vulnerability in Symantec Endpoint Encryption
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
local
low complexity
symantec
4.6
2019-07-01 CVE-2019-9702 Unspecified vulnerability in Symantec Endpoint Encryption
Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
local
low complexity
symantec
4.6
2019-04-25 CVE-2018-18367 Untrusted Search Path vulnerability in Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
network
symantec CWE-426
6.8
2019-04-25 CVE-2018-12244 Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
network
symantec CWE-1236
6.8
2019-04-25 CVE-2018-18369 Untrusted Search Path vulnerability in Symantec products
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
network
symantec CWE-426
6.8
2019-04-10 CVE-2019-9694 Unspecified vulnerability in Symantec Endpoint Encryption
Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
4.6
2019-04-09 CVE-2019-9696 Cross-site Scripting vulnerability in Symantec VIP Enterprise Gateway
Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
symantec CWE-79
4.3
2019-04-09 CVE-2018-18365 Unspecified vulnerability in Symantec Norton Password Manager
Norton Password Manager may be susceptible to an address spoofing issue.
network
low complexity
symantec
5.0
2019-02-08 CVE-2018-18364 Untrusted Search Path vulnerability in Symantec Ghost Solution Suite
Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine.
network
symantec CWE-426
6.0