
CVE-2020-5820 – Symantec Endpoint Protection AvHostPlugin Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-5820
11 Feb 2020 — Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.symantec.com/us/en/article.SYMSA1505.html •

CVE-2020-5822 – Symantec Endpoint Protection ccSvc Missing Authentication Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-5822
11 Feb 2020 — Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.symantec.com/us/en/article.SYMSA1505.html •

CVE-2016-6592
https://notcve.org/view.php?id=CVE-2016-6592
14 Jan 2020 — A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. • http://www.securityfocus.com/bid/94695 • CWE-427: Uncontrolled Search Path Element •

CVE-2019-19547
https://notcve.org/view.php?id=CVE-2019-19547
13 Jan 2020 — Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. • https://github.com/nasbench/CVE-2019-19547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-5311
https://notcve.org/view.php?id=CVE-2016-5311
09 Jan 2020 — A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to DLL preloading without path restrictions, which could let a local malicious user obtain system privileges. • http://www.securityfocus.com/bid/94295 • CWE-427: Uncontrolled Search Path Element •

CVE-2016-6585
https://notcve.org/view.php?id=CVE-2016-6585
08 Jan 2020 — A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. • http://www.securityfocus.com/bid/93900 • CWE-20: Improper Input Validation •

CVE-2016-6587
https://notcve.org/view.php?id=CVE-2016-6587
08 Jan 2020 — An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. • http://www.securityfocus.com/bid/93858 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-6586
https://notcve.org/view.php?id=CVE-2016-6586
08 Jan 2020 — A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle attack via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. • http://www.securityfocus.com/bid/93901 • CWE-20: Improper Input Validation •

CVE-2016-6588
https://notcve.org/view.php?id=CVE-2016-6588
08 Jan 2020 — A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. • http://www.securityfocus.com/bid/93952 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-6589
https://notcve.org/view.php?id=CVE-2016-6589
08 Jan 2020 — A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. • http://www.securityfocus.com/bid/93951 • CWE-20: Improper Input Validation •