cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0893,https://securityvulnerability.io/vulnerability/CVE-2025-0893,Privilege Escalation Vulnerability in Symantec Diagnostic Tool by Broadcom,"The Symantec Diagnostic Tool, known for assisting in the diagnosis of system issues, is susceptible to a privilege escalation vulnerability in versions prior to 3.0.79. This issue could allow an unauthorized user to gain elevated privileges, leading to potential unauthorized access and manipulation of critical system functions. It is crucial for users to update to the latest version to mitigate risks associated with this vulnerability. For further remediation steps and technical details, refer to the official advisory.",Symantec,Symantec Diagnostic Tool,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-19T17:56:19.166Z,0
CVE-2024-23617,https://securityvulnerability.io/vulnerability/CVE-2024-23617,Symantec Data Loss Prevention Buffer Overflow,"A buffer overflow vulnerability has been identified in Symantec Data Loss Prevention, specifically in version 14.0.2 and prior versions. This security issue allows a remote, unauthenticated attacker to exploit the system by convincing a user to open a specially crafted document. If successful, this exploitation could lead to unauthorized code execution on the victim's machine, potentially compromising sensitive data and impacting overall system integrity. Organizations relying on this software should evaluate their current version and take necessary precautions to mitigate potential risks.",Symantec,Data Loss Prevention,8.8,HIGH,0.0056500001810491085,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23616,https://securityvulnerability.io/vulnerability/CVE-2024-23616,Symantec Server Management Suite Buffer Overflow,"A buffer overflow vulnerability exists in Symantec Server Management Suite, specifically affecting versions 7.9 and earlier. This flaw can be exploited by a remote, anonymous attacker, potentially allowing them to execute arbitrary code with SYSTEM privileges. The exploitation poses a serious threat to the integrity and confidentiality of affected systems, necessitating prompt remediation measures.",Symantec,Server Management Suite,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23615,https://securityvulnerability.io/vulnerability/CVE-2024-23615,Remote Code Execution Vulnerability in Symantec Messaging Gateway,"A buffer overflow vulnerability has been identified in Symantec Messaging Gateway, specifically in versions 10.5 and earlier. This flaw allows a remote and anonymous attacker to exploit the vulnerability, potentially leading to remote code execution with root privileges. Organizations utilizing affected versions of Symantec Messaging Gateway should prioritize implementing security updates and patching procedures to guard against potential attacks leveraging this vulnerability. Awareness and proactive measures are essential in securing systems against remote exploitation risks.",Symantec,Messaging Gateway,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23613,https://securityvulnerability.io/vulnerability/CVE-2024-23613,Symantec Deployment Solution Remote Code Execution,"A vulnerability exists in Symantec Deployment Solution version 7.9 related to buffer overflow during the processing of UpdateComputer tokens. This flaw allows a remote, unauthorized attacker the potential to execute arbitrary code with SYSTEM privileges, posing significant risks to system integrity and confidentiality. Organizations using this version should assess their exposure and apply relevant mitigations.",Symantec,Deployment Solution,9.8,CRITICAL,0.009239999577403069,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23614,https://securityvulnerability.io/vulnerability/CVE-2024-23614,Symantec Messaging Gateway Buffer Overflow,"A buffer overflow vulnerability has been identified in Symantec Messaging Gateway versions 9.5 and earlier. This weakness allows remote, anonymous attackers to exploit the system and execute arbitrary code with root privileges. The vulnerability poses significant risks to the security and functionality of messaging infrastructures, highlighting the importance of timely software updates and patches to mitigate potential threats.",Symantec,Messaging Gateway,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2022-37015,https://securityvulnerability.io/vulnerability/CVE-2022-37015,Privilege Escalation in Symantec Endpoint Detection and Response by Broadcom,"The Symantec Endpoint Detection and Response (SEDR) Appliance prior to version 4.7.0 contains a vulnerability that allows attackers to exploit the system and gain elevated access to protected resources. By potentially compromising the software application, an attacker may manipulate sensitive functions and information, heightening the risk of unauthorized operations and data breaches within the enterprise environment.",Symantec,Symantec Endpoint Detection And Response,9.8,CRITICAL,0.0018100000452250242,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-25623,https://securityvulnerability.io/vulnerability/CVE-2022-25623,Privilege Escalation Vulnerability in Symantec Management Agent by Broadcom,"The Symantec Management Agent is exposed to a privilege escalation issue that enables a low-privileged local user to gain SYSTEM-level access. This security flaw is exploited via manipulation of the Windows registry, which can lead to unauthorized activities on the affected system. Organizations using this agent should promptly review their configurations and apply necessary measures to mitigate potential risks.",Symantec,Symantec Management Agent,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-03-04T16:08:00.000Z,0
CVE-2021-30642,https://securityvulnerability.io/vulnerability/CVE-2021-30642,Input Validation Flaw in Symantec Security Analytics Web UI,"An input validation flaw exists in the web UI of Symantec Security Analytics versions 7.2 prior to 7.2.7, 8.1 before 8.1.3-NSR3, and 8.2 before 8.2.1-NSR2/8.2.2. This security issue enables an attacker to send specially crafted requests, allowing them to execute arbitrary operating system commands with elevated privileges on the affected system without needing authentication. This flaw poses significant security risks, as it could lead to unauthorized access and manipulation of sensitive data within the environment. It is essential for users to apply the relevant updates to secure their installations against potential exploits.",Symantec,Symantec Security Analytics,9.8,CRITICAL,0.0026599999982863665,false,,false,false,false,,,false,false,,2021-04-27T14:49:37.000Z,0
CVE-2020-12593,https://securityvulnerability.io/vulnerability/CVE-2020-12593,Information Disclosure in Symantec Endpoint Detection & Response,"The information disclosure vulnerability in Symantec Endpoint Detection & Response, prior to version 4.5, poses a risk by potentially allowing unauthorized users to access sensitive data. This issue underscores the importance of timely software updates and vigilant security practices to safeguard confidential information from exposure.",Symantec,Symantec Endpoint Detection & Response (sedr),7.5,HIGH,0.001290000043809414,false,,false,false,true,2021-04-03T16:41:24.000Z,true,false,false,,2020-11-18T22:40:41.000Z,0
CVE-2020-5839,https://securityvulnerability.io/vulnerability/CVE-2020-5839,Information Disclosure Vulnerability in Symantec Endpoint Detection And Response,"Symantec Endpoint Detection And Response, prior to version 4.4, has a vulnerability that may permit unauthorized access to sensitive data, potentially compromising information security. This information disclosure issue underscores the importance of updating software to safeguard against data leaks.",Symantec,Symantec Endpoint Detection And Response,7.5,HIGH,0.001290000043809414,false,,false,false,true,2021-04-03T16:35:38.000Z,true,false,false,,2020-07-08T15:08:54.000Z,0
CVE-2020-5837,https://securityvulnerability.io/vulnerability/CVE-2020-5837,Elevation of Privilege Vulnerability in Symantec Endpoint Protection by Broadcom,"A vulnerability exists in Symantec Endpoint Protection, where improper handling of file permissions allows log files to be replaced using symbolic links. This flaw can enable attackers to potentially gain unauthorized access, leading to an escalation of privileges within the system.",Symantec,Symantec Endpoint Protection,7.8,HIGH,0.00044999999227002263,false,,false,false,true,2020-04-16T08:15:18.000Z,true,false,false,,2020-05-11T19:25:45.000Z,0
CVE-2020-5836,https://securityvulnerability.io/vulnerability/CVE-2020-5836,File Access Control Reset Vulnerability in Symantec Endpoint Protection,"A vulnerability exists in Symantec Endpoint Protection that could allow an attacker with limited user privileges to alter file Access Control Lists (ACLs). This issue is particularly concerning when the Tamper Protection feature is disabled, as it opens avenues for unauthorized modifications to file permissions, potentially leading to data exposure or manipulation.",Symantec,Symantec Endpoint Protection,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:23:11.000Z,0
CVE-2020-5835,https://securityvulnerability.io/vulnerability/CVE-2020-5835,Race Condition Vulnerability in Symantec Endpoint Protection Manager,"A race condition exists in the client remote deployment feature of Symantec Endpoint Protection Manager, which allows unauthorized users to execute arbitrary code with elevated privileges on affected remote systems. This vulnerability may be exploited by an attacker to gain increased access rights, potentially compromising sensitive data and operations within the managed environment.",Symantec,Symantec Endpoint Protection Manager,7,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:22:58.000Z,0
CVE-2020-5832,https://securityvulnerability.io/vulnerability/CVE-2020-5832,Privilege Escalation Vulnerability in Symantec Data Center Security Manager,"The Symantec Data Center Security Manager component, versions before 6.8.2, is vulnerable to a privilege escalation issue. An attacker could potentially exploit this vulnerability to gain elevated access to restricted resources within the application, undermining the security guarantees intended to protect sensitive data and operations. Such elevated access could lead to unauthorized actions and increased risks to the integrity of the system.",Symantec,Data Center Security Manager Component,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-04-06T19:22:18.000Z,0
CVE-2020-5823,https://securityvulnerability.io/vulnerability/CVE-2020-5823,Privilege Escalation Vulnerability in Symantec Endpoint Protection Products,"Certain versions of Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) may allow attackers to exploit a privilege escalation vulnerability. This flaw could enable unauthorized access to protected resources, compromising the application's integrity and security posture. Users are encouraged to update their software to the latest versions to mitigate potential security risks.",Symantec,Symantec Endpoint Protection (sep) And Symantec Endpoint Protection Small Business Edition (sep Sbe),7.8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2020-02-11T17:04:40.000Z,0
CVE-2020-5822,https://securityvulnerability.io/vulnerability/CVE-2020-5822,Privilege Escalation Vulnerability in Symantec Endpoint Protection,"Symantec Endpoint Protection and its Small Business Edition are affected by a privilege escalation vulnerability, allowing attackers with low-level access to potentially escalate their privileges and gain unauthorized access to critical system resources. This vulnerability arises from insufficient protection mechanisms within the applications, which can be exploited if the software is not updated to the latest versions.",Symantec,Symantec Endpoint Protection (sep) And Symantec Endpoint Protection Small Business Edition (sep Sbe),7.8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2020-02-11T17:04:33.000Z,0
CVE-2020-5821,https://securityvulnerability.io/vulnerability/CVE-2020-5821,DLL Injection Vulnerability in Symantec Endpoint Protection Products,"Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition are vulnerable to a DLL injection attack, which allows an attacker to execute unauthorized code within the context of the application. This can compromise system integrity by replacing legitimate processes with malicious code, leading to potential data breaches and unauthorized access to sensitive information. Users are advised to update their software to the latest versions to mitigate this risk.",Symantec,Symantec Endpoint Protection (sep) And Symantec Endpoint Protection Small Business Edition (sep Sbe),7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:02:07.000Z,0
CVE-2020-5820,https://securityvulnerability.io/vulnerability/CVE-2020-5820,Privilege Escalation Issue in Symantec Endpoint Protection Software,"The vulnerability found in Symantec Endpoint Protection and its Small Business Edition allows attackers to exploit the software, potentially gaining elevated privileges that would enable access to restricted resources. This could lead to unauthorized actions being performed on the system, posing significant security risks to affected environments. Users are encouraged to update their software to mitigate the risks associated with this vulnerability.",Symantec,Symantec Endpoint Protection (sep) And Symantec Endpoint Protection Small Business Edition (sep Sbe),7.8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2020-02-11T17:01:32.000Z,0
CVE-2016-6592,https://securityvulnerability.io/vulnerability/CVE-2016-6592,Remote Code Execution Vulnerability in Symantec Norton Download Manager,"A security flaw exists in the Norton Download Manager where a remote attacker can exploit the vulnerability by crafting a malicious DLL file. When this DLL is placed on the target system, it can be loaded instead of the legitimate DLL by the Norton Download Manager. This allows the attacker to execute arbitrary code on the target machine, potentially resulting in unauthorized access and system compromise.",Symantec,Norton Download Manager,7.8,HIGH,0.0478999987244606,false,,false,false,false,,,false,false,,2020-01-14T20:50:23.000Z,0
CVE-2019-19548,https://securityvulnerability.io/vulnerability/CVE-2019-19548,Privilege Escalation Issue in Norton Power Eraser by Symantec,"Norton Power Eraser, prior to version 5.3.0.67, contains a vulnerability that may allow attackers to escalate privileges within the application. This could enable unauthorized access to protected resources, thereby compromising the integrity of the system. Users are advised to update to the latest version to mitigate potential risks and bolster their security posture.",Symantec,Norton Power Eraser,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-01-14T18:00:22.000Z,0
CVE-2016-5311,https://securityvulnerability.io/vulnerability/CVE-2016-5311,Privilege Escalation Vulnerability in Symantec Norton Products,"A privilege escalation vulnerability has been identified in a range of Symantec Norton products, stemming from improper DLL preloading that lacks appropriate path restrictions. This security flaw could enable a local malicious user to gain unauthorized system privileges, potentially allowing them to execute arbitrary code with elevated rights, thereby compromising the affected system's integrity and security.",Symantec,"Norton Antivirus, Norton Antivirus With Backup, Norton Security, Norton Security With Backup, Norton Internet Security, Norton 360,Endpoint Protection Small Business Edition Cloud, And Endpoint Protection Cloud Client",7.8,HIGH,0.0022799998987466097,false,,false,false,false,,,false,false,,2020-01-09T19:30:52.000Z,0
CVE-2016-6590,https://securityvulnerability.io/vulnerability/CVE-2016-6590,Privilege Escalation Vulnerability in Symantec IT Management Suite and Encryption Products,"A vulnerability exists in certain Symantec products that enables a local malicious user to execute arbitrary code due to improper handling of DLL files during system boot and reboot processes. This affects multiple versions of Symantec IT Management Suite, Ghost Solution Suite, Endpoint Virtualization, and Encryption Desktop, creating significant security risks for enterprise environments relying on these solutions. It is essential for users to apply the appropriate patches or updates to safeguard against potential exploitation.",Symantec,"It Management Suite,Ghost Solution Suite,Symantec Endpoint Virtualization,Encryption Desktop",7.8,HIGH,0.0023399998899549246,false,,false,false,false,,,false,false,,2020-01-08T15:43:33.000Z,0
CVE-2016-6591,https://securityvulnerability.io/vulnerability/CVE-2016-6591,Bypass Security Vulnerability in Symantec Norton App Lock,"A security bypass vulnerability has been identified in Symantec Norton App Lock 1.0.3.186 and earlier versions. This flaw primarily affects systems with application pinning enabled, potentially allowing a local malicious user to circumvent implemented security measures and access restricted functionalities. It is crucial for users and administrators to review their configurations and apply any available updates to mitigate this risk.",Symantec,Norton App Lock,7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-01-08T15:23:00.000Z,0
CVE-2016-6593,https://securityvulnerability.io/vulnerability/CVE-2016-6593,Code Execution Vulnerability in Symantec VIP Access Desktop,"A vulnerability in Symantec VIP Access Desktop allows local malicious users to execute arbitrary code during startup due to flaws in the jhi.dll and otpiha.dll components. Users running versions earlier than 2.2.2 are particularly at risk, as this issue can be exploited if an attacker gains local access to the system. Proper precautions should be taken to ensure the application is updated to mitigate any potential risks.",Symantec,Vip Access Desktop,7.8,HIGH,0.021239999681711197,false,,false,false,false,,,false,false,,2020-01-08T15:02:07.000Z,0