
CVE-2016-6590
https://notcve.org/view.php?id=CVE-2016-6590
08 Jan 2020 — A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. Existe una vulnerabilidad de escalada de privilegios cuando se cargan bibliotecas DLL durante el arranque y el rein... • http://www.securityfocus.com/bid/94279 • CWE-269: Improper Privilege Management •

CVE-2016-6591
https://notcve.org/view.php?id=CVE-2016-6591
08 Jan 2020 — A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. Existe una vulnerabilidad de omisión de seguridad en Symantec Norton App Lock versiones 1.0.3.186 y anteriores, si la fijación de aplicaciones está habilitada, lo que podría permitir a un usuario malicioso local omitir las restricciones de seguridad. • http://www.securityfocus.com/bid/94343 • CWE-863: Incorrect Authorization •

CVE-2019-18379
https://notcve.org/view.php?id=CVE-2019-18379
11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una explotación de tipo server-side request forgery (SSRF), que es un tipo de problema que puede permitir a un atacante enviar ... • https://support.symantec.com/us/en/article.SYMSA1501.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2019-18378
https://notcve.org/view.php?id=CVE-2019-18378
11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una explotación de tipo cross-site scripting (XSS), el cual es un tipo de... • https://support.symantec.com/us/en/article.SYMSA1501.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-18377
https://notcve.org/view.php?id=CVE-2019-18377
11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema mediante el cual un atacante puede intentar comprometer la a... • https://support.symantec.com/us/en/article.SYMSA1501.html •

CVE-2019-18380
https://notcve.org/view.php?id=CVE-2019-18380
09 Dec 2019 — Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. Symantec Industrial Control System Protection (ICSP), versiones 6.x.x, puede ser susceptible a un problema de acceso no autorizado lo que podría permitir a un actor de amenazas crear o modificar cuentas de usuario de la aplicación sin la autenticación apropiada. • https://support.symantec.com/us/en/article.SYMSA1500.html • CWE-287: Improper Authentication •

CVE-2019-18373
https://notcve.org/view.php?id=CVE-2019-18373
18 Nov 2019 — Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. Norton App Lock, versiones anteriores a 1.4.0.503, puede ser susceptible a una explotación de omisión. En este tipo de circunstancias, la explotación puede permitir al usuario omitir la aplicación para impedir que bloquee otras aplicaciones en el disp... • https://support.symantec.com/us/en/article.SYMSA1496.html •

CVE-2019-12758
https://notcve.org/view.php?id=CVE-2019-12758
15 Nov 2019 — Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. Symantec Endpoint Protection, versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de ejecución de código sin firmar, lo que puede permitir a un individuo ejecutar código sin una firma digital apropiada residente. • https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758 • CWE-427: Uncontrolled Search Path Element •

CVE-2019-12757
https://notcve.org/view.php?id=CVE-2019-12757
15 Nov 2019 — Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2 y 12.... • https://support.symantec.com/us/en/article.SYMSA1488.html •

CVE-2019-12756
https://notcve.org/view.php?id=CVE-2019-12756
15 Nov 2019 — Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de omisión de protección de contraseña por la cual la capa secundaria de protección de contraseña podría ser omitida para individuos con derechos de adm... • https://support.symantec.com/us/en/article.SYMSA1488.html •