Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-06 CVE-2018-18362 Cross-site Scripting vulnerability in Symantec Norton Password Manager
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
symantec CWE-79
4.3
2018-11-29 CVE-2018-12245 Untrusted Search Path vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker.
network
symantec CWE-426
6.8
2018-11-29 CVE-2018-12239 Unspecified vulnerability in Symantec products
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.
local
low complexity
symantec
4.6
2018-11-29 CVE-2018-12238 Unspecified vulnerability in Symantec products
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.
local
low complexity
symantec
4.6
2018-11-27 CVE-2018-12241 Cross-site Scripting vulnerability in Symantec Security Analytics
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability.
network
symantec CWE-79
4.3
2018-10-22 CVE-2018-12246 Cross-site Scripting vulnerability in Symantec web Isolation 1.11
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability.
network
symantec CWE-79
4.3
2018-09-19 CVE-2018-12243 XXE vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser.
low complexity
symantec CWE-611
5.8
2018-08-29 CVE-2018-12240 Use of Hard-coded Credentials vulnerability in Symantec Norton Identity Safe
The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.
network
symantec CWE-798
4.3
2018-08-22 CVE-2018-5238 Uncontrolled Search Path Element vulnerability in Symantec Norton Power Eraser and Symdiag
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
network
symantec CWE-427
6.8
2018-08-22 CVE-2018-5235 Uncontrolled Search Path Element vulnerability in Symantec Norton Utilities
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
4.4