cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0893,https://securityvulnerability.io/vulnerability/CVE-2025-0893,Privilege Escalation Vulnerability in Symantec Diagnostic Tool by Broadcom,"The Symantec Diagnostic Tool, known for assisting in the diagnosis of system issues, is susceptible to a privilege escalation vulnerability in versions prior to 3.0.79. This issue could allow an unauthorized user to gain elevated privileges, leading to potential unauthorized access and manipulation of critical system functions. It is crucial for users to update to the latest version to mitigate risks associated with this vulnerability. For further remediation steps and technical details, refer to the official advisory.",Symantec,Symantec Diagnostic Tool,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-19T17:56:19.166Z,0
CVE-2023-7255,https://securityvulnerability.io/vulnerability/CVE-2023-7255,Symantec's Norton Antivirus Now Effectively a Legacy Product,"A vulnerability has been identified as a duplicate within the affected vendor's product line, indicating that it will not be used for tracking further issues. This situation underscores the importance of robust security protocols and the need for continuous monitoring and updates to safeguard systems against emerging threats.",Symantec,,,,0.01,false,,false,false,false,,,false,false,,2024-12-03T18:15:00.000Z,0
CVE-2024-23613,https://securityvulnerability.io/vulnerability/CVE-2024-23613,Symantec Deployment Solution Remote Code Execution,"A vulnerability exists in Symantec Deployment Solution version 7.9 related to buffer overflow during the processing of UpdateComputer tokens. This flaw allows a remote, unauthorized attacker the potential to execute arbitrary code with SYSTEM privileges, posing significant risks to system integrity and confidentiality. Organizations using this version should assess their exposure and apply relevant mitigations.",Symantec,Deployment Solution,9.8,CRITICAL,0.009239999577403069,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23614,https://securityvulnerability.io/vulnerability/CVE-2024-23614,Symantec Messaging Gateway Buffer Overflow,"A buffer overflow vulnerability has been identified in Symantec Messaging Gateway versions 9.5 and earlier. This weakness allows remote, anonymous attackers to exploit the system and execute arbitrary code with root privileges. The vulnerability poses significant risks to the security and functionality of messaging infrastructures, highlighting the importance of timely software updates and patches to mitigate potential threats.",Symantec,Messaging Gateway,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23616,https://securityvulnerability.io/vulnerability/CVE-2024-23616,Symantec Server Management Suite Buffer Overflow,"A buffer overflow vulnerability exists in Symantec Server Management Suite, specifically affecting versions 7.9 and earlier. This flaw can be exploited by a remote, anonymous attacker, potentially allowing them to execute arbitrary code with SYSTEM privileges. The exploitation poses a serious threat to the integrity and confidentiality of affected systems, necessitating prompt remediation measures.",Symantec,Server Management Suite,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23615,https://securityvulnerability.io/vulnerability/CVE-2024-23615,Remote Code Execution Vulnerability in Symantec Messaging Gateway,"A buffer overflow vulnerability has been identified in Symantec Messaging Gateway, specifically in versions 10.5 and earlier. This flaw allows a remote and anonymous attacker to exploit the vulnerability, potentially leading to remote code execution with root privileges. Organizations utilizing affected versions of Symantec Messaging Gateway should prioritize implementing security updates and patching procedures to guard against potential attacks leveraging this vulnerability. Awareness and proactive measures are essential in securing systems against remote exploitation risks.",Symantec,Messaging Gateway,9.8,CRITICAL,0.010739999823272228,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2024-23617,https://securityvulnerability.io/vulnerability/CVE-2024-23617,Symantec Data Loss Prevention Buffer Overflow,"A buffer overflow vulnerability has been identified in Symantec Data Loss Prevention, specifically in version 14.0.2 and prior versions. This security issue allows a remote, unauthenticated attacker to exploit the system by convincing a user to open a specially crafted document. If successful, this exploitation could lead to unauthorized code execution on the victim's machine, potentially compromising sensitive data and impacting overall system integrity. Organizations relying on this software should evaluate their current version and take necessary precautions to mitigate potential risks.",Symantec,Data Loss Prevention,8.8,HIGH,0.0056500001810491085,false,,false,false,false,,,false,false,,2024-01-26T00:15:00.000Z,0
CVE-2023-23958,https://securityvulnerability.io/vulnerability/CVE-2023-23958,Symantec Protection Engine Hash Leak Vulnerability,"Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. ",Symantec,Symantec Protection Engine,6.8,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-27T15:18:00.000Z,0
CVE-2023-23957,https://securityvulnerability.io/vulnerability/CVE-2023-23957,Open Redirection Vulnerability in Symantec Identity Portal 14.4,An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4,Symantec - A Division of Broadcom,Symantec Identity Governance And Administration,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-09-19T13:16:00.000Z,0
CVE-2022-25629,https://securityvulnerability.io/vulnerability/CVE-2022-25629,Annotation Execution Vulnerability in Broadcom Product,"An authenticated user with permission to add or edit annotations may create a malicious annotation that can be executed on the annotations page, posing a significant security risk. This vulnerability allows for potential exploitation through crafted content that could affect the integrity of the application.",Symantec,Symantec Messaging Gateway,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-09T00:00:00.000Z,0
CVE-2022-25630,https://securityvulnerability.io/vulnerability/CVE-2022-25630,Cross-Site Scripting Vulnerability in Symantec Messaging Gateway by Broadcom,"An authenticated user in Symantec Messaging Gateway can exploit a cross-site scripting vulnerability by embedding malicious content within the admin group policy page. This could allow for the execution of arbitrary scripts in the context of an administrator's session, potentially compromising sensitive information or altering configurations without authorization.",Symantec,Symantec Messaging Gateway,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-09T00:00:00.000Z,0
CVE-2022-37015,https://securityvulnerability.io/vulnerability/CVE-2022-37015,Privilege Escalation in Symantec Endpoint Detection and Response by Broadcom,"The Symantec Endpoint Detection and Response (SEDR) Appliance prior to version 4.7.0 contains a vulnerability that allows attackers to exploit the system and gain elevated access to protected resources. By potentially compromising the software application, an attacker may manipulate sensitive functions and information, heightening the risk of unauthorized operations and data breaches within the enterprise environment.",Symantec,Symantec Endpoint Detection And Response,9.8,CRITICAL,0.0018100000452250242,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-25623,https://securityvulnerability.io/vulnerability/CVE-2022-25623,Privilege Escalation Vulnerability in Symantec Management Agent by Broadcom,"The Symantec Management Agent is exposed to a privilege escalation issue that enables a low-privileged local user to gain SYSTEM-level access. This security flaw is exploited via manipulation of the Windows registry, which can lead to unauthorized activities on the affected system. Organizations using this agent should promptly review their configurations and apply necessary measures to mitigate potential risks.",Symantec,Symantec Management Agent,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-03-04T16:08:00.000Z,0
CVE-2021-30642,https://securityvulnerability.io/vulnerability/CVE-2021-30642,Input Validation Flaw in Symantec Security Analytics Web UI,"An input validation flaw exists in the web UI of Symantec Security Analytics versions 7.2 prior to 7.2.7, 8.1 before 8.1.3-NSR3, and 8.2 before 8.2.1-NSR2/8.2.2. This security issue enables an attacker to send specially crafted requests, allowing them to execute arbitrary operating system commands with elevated privileges on the affected system without needing authentication. This flaw poses significant security risks, as it could lead to unauthorized access and manipulation of sensitive data within the environment. It is essential for users to apply the relevant updates to secure their installations against potential exploits.",Symantec,Symantec Security Analytics,9.8,CRITICAL,0.0026599999982863665,false,,false,false,false,,,false,false,,2021-04-27T14:49:37.000Z,0
CVE-2020-12593,https://securityvulnerability.io/vulnerability/CVE-2020-12593,Information Disclosure in Symantec Endpoint Detection & Response,"The information disclosure vulnerability in Symantec Endpoint Detection & Response, prior to version 4.5, poses a risk by potentially allowing unauthorized users to access sensitive data. This issue underscores the importance of timely software updates and vigilant security practices to safeguard confidential information from exposure.",Symantec,Symantec Endpoint Detection & Response (sedr),7.5,HIGH,0.001290000043809414,false,,false,false,true,2021-04-03T16:41:24.000Z,true,false,false,,2020-11-18T22:40:41.000Z,0
CVE-2020-5839,https://securityvulnerability.io/vulnerability/CVE-2020-5839,Information Disclosure Vulnerability in Symantec Endpoint Detection And Response,"Symantec Endpoint Detection And Response, prior to version 4.4, has a vulnerability that may permit unauthorized access to sensitive data, potentially compromising information security. This information disclosure issue underscores the importance of updating software to safeguard against data leaks.",Symantec,Symantec Endpoint Detection And Response,7.5,HIGH,0.001290000043809414,false,,false,false,true,2021-04-03T16:35:38.000Z,true,false,false,,2020-07-08T15:08:54.000Z,0
CVE-2020-5838,https://securityvulnerability.io/vulnerability/CVE-2020-5838,Cross-Site Scripting Vulnerability in Symantec IT Analytics from Broadcom,"The vulnerability in Symantec IT Analytics allows for the injection of client-side scripts into web pages viewed by users, potentially enabling attackers to execute malicious scripts. This XSS flaw could affect the integrity of data presented to the user and compromise sensitive information. Organizations utilizing versions prior to 2.9.1 should urgently implement patches or updates to mitigate this risk.",Symantec,It Analytics,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-05-13T15:42:20.000Z,0
CVE-2020-5837,https://securityvulnerability.io/vulnerability/CVE-2020-5837,Elevation of Privilege Vulnerability in Symantec Endpoint Protection by Broadcom,"A vulnerability exists in Symantec Endpoint Protection, where improper handling of file permissions allows log files to be replaced using symbolic links. This flaw can enable attackers to potentially gain unauthorized access, leading to an escalation of privileges within the system.",Symantec,Symantec Endpoint Protection,7.8,HIGH,0.00044999999227002263,false,,false,false,true,2020-04-16T08:15:18.000Z,true,false,false,,2020-05-11T19:25:45.000Z,0
CVE-2020-5836,https://securityvulnerability.io/vulnerability/CVE-2020-5836,File Access Control Reset Vulnerability in Symantec Endpoint Protection,"A vulnerability exists in Symantec Endpoint Protection that could allow an attacker with limited user privileges to alter file Access Control Lists (ACLs). This issue is particularly concerning when the Tamper Protection feature is disabled, as it opens avenues for unauthorized modifications to file permissions, potentially leading to data exposure or manipulation.",Symantec,Symantec Endpoint Protection,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:23:11.000Z,0
CVE-2020-5835,https://securityvulnerability.io/vulnerability/CVE-2020-5835,Race Condition Vulnerability in Symantec Endpoint Protection Manager,"A race condition exists in the client remote deployment feature of Symantec Endpoint Protection Manager, which allows unauthorized users to execute arbitrary code with elevated privileges on affected remote systems. This vulnerability may be exploited by an attacker to gain increased access rights, potentially compromising sensitive data and operations within the managed environment.",Symantec,Symantec Endpoint Protection Manager,7,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:22:58.000Z,0
CVE-2020-5834,https://securityvulnerability.io/vulnerability/CVE-2020-5834,Directory Traversal Vulnerability in Symantec Endpoint Protection Manager,"A directory traversal vulnerability exists in Symantec Endpoint Protection Manager, allowing remote actors to exploit this weakness. By manipulating directory paths, an attacker could potentially gain knowledge about file sizes within the directory structure, leading to unauthorized access to sensitive information. This issue specifically affects versions prior to 14.3, emphasizing the need for users to ensure their systems are up-to-date to mitigate risks associated with this exposure.",Symantec,Symantec Endpoint Protection Manager,5.3,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2020-05-11T19:19:56.000Z,0
CVE-2020-5833,https://securityvulnerability.io/vulnerability/CVE-2020-5833,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"Symantec Endpoint Protection Manager, versions prior to 14.3, has a vulnerability that allows potentially malicious entities to read memory locations that are outside the allocated memory space of the application. This could lead to unauthorized access to sensitive information, posing a significant risk to security and privacy.",Symantec,Symantec Endpoint Protection Manager,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:19:45.000Z,0
CVE-2019-18376,https://securityvulnerability.io/vulnerability/CVE-2019-18376,CSRF Token Disclosure in Broadcom Management Center Products,"A vulnerability in the Broadcom Management Center allows attackers to disclose CSRF tokens by accessing an authenticated user's web browser history or exploiting network devices that log or intercept traffic. This exposure facilitates CSRF attacks, potentially compromising the integrity of the Management Center and its operations.",Symantec,Symantec Management Center (mc),5.9,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2020-04-10T00:15:00.000Z,0
CVE-2020-5832,https://securityvulnerability.io/vulnerability/CVE-2020-5832,Privilege Escalation Vulnerability in Symantec Data Center Security Manager,"The Symantec Data Center Security Manager component, versions before 6.8.2, is vulnerable to a privilege escalation issue. An attacker could potentially exploit this vulnerability to gain elevated access to restricted resources within the application, undermining the security guarantees intended to protect sensitive data and operations. Such elevated access could lead to unauthorized actions and increased risks to the integrity of the system.",Symantec,Data Center Security Manager Component,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-04-06T19:22:18.000Z,0
CVE-2020-5831,https://securityvulnerability.io/vulnerability/CVE-2020-5831,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"The Symantec Endpoint Protection Manager (SEPM) versions before 14.2 RU2 MP1 are affected by an out of bounds vulnerability. This flaw allows the application to read memory outside the allocated boundaries, potentially exposing sensitive data or leading to unintended application behavior. Organizations using affected versions are advised to upgrade to mitigate the risks associated with this vulnerability.",Symantec,Symantec Endpoint Protection Manager (sepm),3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:12:59.000Z,0