Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-5242 Unspecified vulnerability in Symantec Norton APP Lock
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit.
low complexity
symantec
6.2
2018-03-26 CVE-2017-15534 Improper Authentication vulnerability in Symantec Norton APP Lock
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit.
local
low complexity
symantec CWE-287
6.7
2018-02-19 CVE-2011-3477 Improper Input Validation vulnerability in Symantec products
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.
local
low complexity
symantec CWE-20
5.5
2018-02-19 CVE-2010-0109 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Altiris Deployment Solution
DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request.
low complexity
symantec CWE-119
6.5
2017-12-20 CVE-2017-15532 Path Traversal vulnerability in Symantec Messaging Gateway
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal).
low complexity
symantec CWE-22
5.7
2017-12-13 CVE-2017-15529 Resource Exhaustion vulnerability in Symantec Norton Family
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit.
local
low complexity
symantec CWE-400
6.2
2017-11-20 CVE-2017-15527 Path Traversal vulnerability in Symantec Management Console
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
low complexity
symantec CWE-22
6.8
2017-11-13 CVE-2017-15526 NULL Pointer Dereference vulnerability in Symantec Endpoint Encryption
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
low complexity
symantec CWE-476
6.8
2017-11-13 CVE-2017-15525 Unspecified vulnerability in Symantec Endpoint Encryption
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
low complexity
symantec
4.5
2017-11-06 CVE-2017-13680 Unspecified vulnerability in Symantec Endpoint Protection 14
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
local
low complexity
symantec
5.5