
CVE-2025-3599 – Symantec Endpoint Protection Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-3599
30 Apr 2025 — Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25659 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-11035 – Carbon Black Cloud Windows Sensor Information Leak
https://notcve.org/view.php?id=CVE-2024-11035
05 Mar 2025 — Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak vulnerability, which is a type of issue whereby sensitive information may be exposed due to a vulnerability in software. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25472 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2023-23958 – Symantec Protection Engine Hash Leak Vulnerability
https://notcve.org/view.php?id=CVE-2023-23958
26 Sep 2023 — Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. • https://support.broadcom.com/external/content/SecurityAdvisories/0/22599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-23957 – Open Redirection Vulnerability in Symantec Identity Portal 14.4
https://notcve.org/view.php?id=CVE-2023-23957
19 Sep 2023 — An authenticated user can see and modify the value for the ‘next’ query parameter in Symantec Identity Portal 14.4. • https://support.broadcom.com/external/content/SecurityAdvisories/0/22544 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2022-25629
https://notcve.org/view.php?id=CVE-2022-25629
09 Dec 2022 — An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-25630 – Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-25630
09 Dec 2022 — An authenticated user can embed malicious content with XSS into the admin group policy page. Symantec Messaging Gateway version 10.7.4 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/171781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-37015
https://notcve.org/view.php?id=CVE-2022-37015
08 Nov 2022 — Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21005 • CWE-269: Improper Privilege Management •

CVE-2022-25623
https://notcve.org/view.php?id=CVE-2022-25623
04 Mar 2022 — The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. • https://support.broadcom.com/external/content/SecurityAdvisories/0/20366 •

CVE-2021-30642
https://notcve.org/view.php?id=CVE-2021-30642
27 Apr 2021 — An input validation flaw in the Symantec Security Analytics web UI 7.2, prior to 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. • https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA17969 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-12593
https://notcve.org/view.php?id=CVE-2020-12593
18 Nov 2020 — Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. • https://github.com/nasbench/CVE-2020-12593 •