Page 5 of 600 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

08 Jan 2020 — A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. Existe una vulnerabilidad de escalada de privilegios cuando se cargan bibliotecas DLL durante el arranque y el rein... • http://www.securityfocus.com/bid/94279 • CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

08 Jan 2020 — A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. Existe una vulnerabilidad de omisión de seguridad en Symantec Norton App Lock versiones 1.0.3.186 y anteriores, si la fijación de aplicaciones está habilitada, lo que podría permitir a un usuario malicioso local omitir las restricciones de seguridad. • http://www.securityfocus.com/bid/94343 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una explotación de tipo server-side request forgery (SSRF), que es un tipo de problema que puede permitir a un atacante enviar ... • https://support.symantec.com/us/en/article.SYMSA1501.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una explotación de tipo cross-site scripting (XSS), el cual es un tipo de... • https://support.symantec.com/us/en/article.SYMSA1501.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0

11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema mediante el cual un atacante puede intentar comprometer la a... • https://support.symantec.com/us/en/article.SYMSA1501.html •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

09 Dec 2019 — Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication. Symantec Industrial Control System Protection (ICSP), versiones 6.x.x, puede ser susceptible a un problema de acceso no autorizado lo que podría permitir a un actor de amenazas crear o modificar cuentas de usuario de la aplicación sin la autenticación apropiada. • https://support.symantec.com/us/en/article.SYMSA1500.html • CWE-287: Improper Authentication •

CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0

18 Nov 2019 — Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. Norton App Lock, versiones anteriores a 1.4.0.503, puede ser susceptible a una explotación de omisión. En este tipo de circunstancias, la explotación puede permitir al usuario omitir la aplicación para impedir que bloquee otras aplicaciones en el disp... • https://support.symantec.com/us/en/article.SYMSA1496.html •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

15 Nov 2019 — Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. Symantec Endpoint Protection, versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de ejecución de código sin firmar, lo que puede permitir a un individuo ejecutar código sin una firma digital apropiada residente. • https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0

15 Nov 2019 — Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2 y 12.... • https://support.symantec.com/us/en/article.SYMSA1488.html •

CVSS: 2.3EPSS: 0%CPEs: 50EXPL: 0

15 Nov 2019 — Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de omisión de protección de contraseña por la cual la capa secundaria de protección de contraseña podría ser omitida para individuos con derechos de adm... • https://support.symantec.com/us/en/article.SYMSA1488.html •