CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-6592
https://notcve.org/view.php?id=CVE-2016-6592
A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. Se encontró una vulnerabilidad en Symantec Norton Download Manager versiones anteriores a 5.6. Un usuario remoto puede crear un archivo DLL especialmente diseñado que, cuando es colocado sobre el sistema del usuario objetivo, hará que el componente Norton Download Manager cargue la DLL del usuario remoto en lugar de la DLL deseada y ejecute código arbitrario cuando el componente Norton Download Manager sea ejecutado por el usuario objetivo. • http://www.securityfocus.com/bid/94695 http://www.securityfocus.com/bid/95444 http://www.securitytracker.com/id/1037622 http://www.securitytracker.com/id/1037623 http://www.securitytracker.com/id/1037624 https://support.symantec.com/us/en/article.SYMSA1394.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-19547
https://notcve.org/view.php?id=CVE-2019-19547
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Endpoint Detection and Response (SEDR), versiones anteriores a la versión 4.3.0, puede ser susceptible a un problema de tipo cross site scripting (XSS). Un XSS es un tipo de problema que puede habilitar a atacantes para inyectar scripts del lado del cliente en páginas web visualizadas por otros usuarios. • https://github.com/nasbench/CVE-2019-19547 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN https://support.symantec.com/us/en/article.SYMSA1502.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5311
https://notcve.org/view.php?id=CVE-2016-5311
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podría permitir a un usuario malicioso local obtener privilegios system. • http://www.securityfocus.com/bid/94295 http://www.securitytracker.com/id/1037323 http://www.securitytracker.com/id/1037324 http://www.securitytracker.com/id/1037325 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6585
https://notcve.org/view.php?id=CVE-2016-6585
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. Existe una vulnerabilidad de denegación de servicio en Symantec Norton Mobile Security para Android versiones anteriores a la versión 3.16, lo que podría permitir a un usuario malicioso remoto conducir un ataque de tipo man-in-the-middle por medio de un JavaScript especialmente diseñado. • http://www.securityfocus.com/bid/93900 http://www.securitytracker.com/id/1037225 https://support.symantec.com/us/en/article.symsa1384.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6587
https://notcve.org/view.php?id=CVE-2016-6587
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en el archivo mid.dat almacenado en la tarjeta SD en Symantec Norton Mobile Security para Android versiones anteriores a la versión 3.16, lo que podría permitir a un usuario malicioso local obtener información confidencial. • http://www.securityfocus.com/bid/93858 http://www.securitytracker.com/id/1037225 https://support.symantec.com/us/en/article.symsa1384.html https://vuldb.com/?id.93273 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •