Symantec

All CVEs

788 total · sorted by risk
  • CVE-2019-14418 · Jul 29, 2019
    risk 0.00 · cvss · epss 0.04

    An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use…

  • CVE-2019-14417 · Jul 29, 2019
    risk 0.00 · cvss · epss 0.04

    An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.

  • CVE-2019-14416 · Jul 29, 2019
    risk 0.00 · cvss · epss 0.04

    An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script…

  • CVE-2019-14415 · Jul 29, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a…

  • CVE-2019-3621 · Jul 25, 2019
    risk 0.00 · cvss · epss 0.00

    Authentication protection bypass vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows physical local user to bypass the Windows lock screen via DLPe processes being killed just prior to the screen being locked or when the screen is locked.…

  • CVE-2019-3591 · Jul 24, 2019
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a…

  • CVE-2019-3595 · Jul 24, 2019
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Administrator to execute arbitrary code with their local machine privileges via a specially crafted…

  • CVE-2019-9700 · Jul 16, 2019
    risk 0.00 · cvss · epss 0.00

    Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.

  • CVE-2019-12751 · Jul 11, 2019
    risk 0.00 · cvss · epss 0.02

    Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…

  • CVE-2019-9703 · Jul 1, 2019
    risk 0.00 · cvss · epss 0.00

    Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

  • CVE-2019-9702 · Jul 1, 2019
    risk 0.00 · cvss · epss 0.00

    Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

  • CVE-2019-9698 · May 8, 2019
    risk 0.00 · cvss · epss 0.00

    Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges.

  • CVE-2018-18367 · Apr 25, 2019
    risk 0.00 · cvss · epss 0.02

    Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a…

  • CVE-2018-18366 · Apr 25, 2019
    risk 0.00 · cvss · epss 0.00

    Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory…

  • CVE-2018-12244 · Apr 25, 2019
    risk 0.00 · cvss · epss 0.01

    SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.

  • CVE-2018-18369 · Apr 25, 2019
    risk 0.00 · cvss · epss 0.02

    Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call…

  • CVE-2019-9694 · Apr 10, 2019
    risk 0.00 · cvss · epss 0.00

    Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from…

  • CVE-2019-9696 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.01

    Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by…

  • CVE-2019-9695 · Mar 29, 2019
    risk 0.00 · cvss · epss 0.01

    Norton Core prior to v278 may be susceptible to an arbitrary code execution issue, which is a type of vulnerability that has the potential of allowing an individual to execute arbitrary commands or code on a target machine or in a target process. Note that this exploit is only…

  • CVE-2019-9868 · Mar 19, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.

  • CVE-2019-9867 · Mar 19, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.

  • CVE-2018-18364 · Feb 8, 2019
    risk 0.00 · cvss · epss 0.01

    Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file…

  • CVE-2018-12237 · Jan 24, 2019
    risk 0.00 · cvss · epss 0.03

    The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.

  • CVE-2018-18363 · Jan 24, 2019
    risk 0.00 · cvss · epss 0.00

    Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.

  • CVE-2018-18362 · Dec 6, 2018
    risk 0.00 · cvss · epss 0.01

    Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting…

  • CVE-2018-12238 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.00

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be…

  • CVE-2018-12239 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.01

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be…

  • CVE-2018-12245 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.01

    Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of…

  • CVE-2018-18652 · Oct 25, 2018
    risk 0.00 · cvss · epss 0.04

    A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.

  • CVE-2018-12246 · Oct 22, 2018
    risk 0.00 · cvss · epss 0.01

    Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack…

  • CVE-2015-6556 · Dec 18, 2015
    risk 0.00 · cvss · epss 0.00

    EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.

  • CVE-2015-4334 · Dec 7, 2015
    risk 0.00 · cvss · epss 0.03

    The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers…

  • CVE-2015-8113 · Nov 12, 2015
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2015-6555 · Nov 12, 2015
    risk 0.00 · cvss · epss 0.03

    Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.

  • CVE-2015-6554 · Nov 12, 2015
    risk 0.00 · cvss · epss 0.03

    Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data.

  • CVE-2015-6549 · Oct 6, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-6548 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-6547 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.04

    The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.

  • CVE-2015-5693 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.04

    The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."

  • CVE-2015-5692 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.05

    admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper…

  • CVE-2015-5691 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated…

  • CVE-2015-5690 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.04

    The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."

  • CVE-2015-5689 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.03

    ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element accesses, which allows remote attackers to…

  • CVE-2014-9229 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.

  • CVE-2014-9228 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.00

    sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition.

  • CVE-2014-9227 · Sep 20, 2015
    risk 0.00 · cvss · epss 0.02

    Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2015-1492 · Aug 1, 2015
    risk 0.00 · cvss · epss 0.02

    Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.

  • CVE-2015-1491 · Aug 1, 2015
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2015-1490 · Aug 1, 2015
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

  • CVE-2015-1488 · Aug 1, 2015
    risk 0.00 · cvss · epss 0.02

    An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

Page 10 of 16