Vulnerabilities > Symantec > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-15526 NULL Pointer Dereference vulnerability in Symantec Endpoint Encryption
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
low complexity
symantec CWE-476
5.2
2017-11-13 CVE-2017-15525 Unspecified vulnerability in Symantec Endpoint Encryption
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
low complexity
symantec
5.5
2017-11-06 CVE-2017-13681 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
local
low complexity
symantec
4.6
2017-09-13 CVE-2017-6330 Unspecified vulnerability in Symantec Encryption Desktop 10.3.2
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests."
network
low complexity
symantec
4.0
2017-08-21 CVE-2017-6329 Uncontrolled Search Path Element vulnerability in Symantec VIP Access FOR Desktop
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability.
local
low complexity
symantec CWE-427
4.6
2017-08-11 CVE-2017-6328 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Message Gateway
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
network
symantec CWE-352
6.8
2017-06-26 CVE-2017-6325 Code Injection vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time.
network
symantec CWE-94
6.0
2017-05-11 CVE-2016-9092 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Content Analysis and Mail Threat Defense
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability.
network
symantec CWE-352
6.8
2017-04-14 CVE-2016-5312 Path Traversal vulnerability in Symantec Messaging Gateway
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a ..
network
low complexity
symantec CWE-22
4.0
2017-04-14 CVE-2016-5310 Out-of-bounds Write vulnerability in multiple products
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
4.3