cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-25629,https://securityvulnerability.io/vulnerability/CVE-2022-25629,Annotation Execution Vulnerability in Broadcom Product,"An authenticated user with permission to add or edit annotations may create a malicious annotation that can be executed on the annotations page, posing a significant security risk. This vulnerability allows for potential exploitation through crafted content that could affect the integrity of the application.",Symantec,Symantec Messaging Gateway,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-09T00:00:00.000Z,0
CVE-2022-25630,https://securityvulnerability.io/vulnerability/CVE-2022-25630,Cross-Site Scripting Vulnerability in Symantec Messaging Gateway by Broadcom,"An authenticated user in Symantec Messaging Gateway can exploit a cross-site scripting vulnerability by embedding malicious content within the admin group policy page. This could allow for the execution of arbitrary scripts in the context of an administrator's session, potentially compromising sensitive information or altering configurations without authorization.",Symantec,Symantec Messaging Gateway,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-09T00:00:00.000Z,0
CVE-2019-18379,https://securityvulnerability.io/vulnerability/CVE-2019-18379,Server-Side Request Forgery Vulnerability in Symantec Messaging Gateway,"Symantec Messaging Gateway, before version 10.7.3, features a security flaw where an attacker can conduct server-side request forgery (SSRF). This vulnerability allows unauthorized crafting of requests from the backend server, potentially exposing internal services and resources that should be safeguarded from external access, especially those reachable via the loopback interface. Proper security measures should be implemented to mitigate risks associated with this vulnerability and ensure comprehensive protection of systems.",Symantec,Symantec Messaging Gateway,7.3,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2019-12-11T15:49:28.000Z,0
CVE-2019-18378,https://securityvulnerability.io/vulnerability/CVE-2019-18378,Cross-Site Scripting Vulnerability in Symantec Messaging Gateway,"The vulnerability in Symantec Messaging Gateway allows for a cross-site scripting exploit where attackers can inject malicious client-side scripts into web pages. This exploit can enable the attackers to bypass existing access controls, potentially compromising user data and system integrity. Ensuring that your installation is updated to version 10.7.3 or later is crucial to protect against these kinds of vulnerabilities.",Symantec,Symantec Messaging Gateway,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-12-11T15:49:17.000Z,0
CVE-2019-18377,https://securityvulnerability.io/vulnerability/CVE-2019-18377,Privilege Escalation Vulnerability in Symantec Messaging Gateway,"The vulnerability in Symantec Messaging Gateway prior to version 10.7.3 allows attackers to potentially escalate privileges, risking unauthorized access to protected resources. This flaw could enable an attacker to compromise the application and perform actions that are normally restricted, thereby undermining the security integrity of the messaging environment.",Symantec,Symantec Messaging Gateway,7.2,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-12-11T15:49:05.000Z,0
CVE-2019-9699,https://securityvulnerability.io/vulnerability/CVE-2019-9699,Information Disclosure Vulnerability in Symantec Messaging Gateway,"The Symantec Messaging Gateway, prior to version 10.7.0, is susceptible to an information disclosure vulnerability. This issue could potentially enable unauthorized individuals to gain access to sensitive data, compromising the confidentiality of the information processed by the gateway. Users are strongly recommended to upgrade to the latest version to mitigate this risk.",Symantec,Symantec Messaging Gateway,4.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2019-10-24T15:32:19.000Z,0
CVE-2019-12751,https://securityvulnerability.io/vulnerability/CVE-2019-12751,Privilege Escalation Vulnerability in Symantec Messaging Gateway,"Symantec Messaging Gateway, prior to version 10.7.1, has a vulnerability that allows an attacker to escalate privileges. This could permit unauthorized users to access restricted resources, posing a significant risk to the integrity of the application and the systems that rely on it. Timely updates and proper security measures are essential to mitigate potential attacks.",Symantec,Symantec Messaging Gateway,9.8,CRITICAL,0.0037700000684708357,false,,false,false,false,,,false,false,,2019-07-11T20:01:31.000Z,0
CVE-2018-12242,https://securityvulnerability.io/vulnerability/CVE-2018-12242,,"The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.",Symantec Corporation,Symantec Messaging Gateway,9.8,CRITICAL,0.0027699999045580626,false,,false,false,false,,,false,false,,2018-09-19T15:29:00.000Z,0
CVE-2018-12243,https://securityvulnerability.io/vulnerability/CVE-2018-12243,,"The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.",Symantec Corporation,Symantec Messaging Gateway,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-09-19T15:29:00.000Z,0
CVE-2016-5310,https://securityvulnerability.io/vulnerability/CVE-2016-5310,,"The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.",Symantec,"Protection Engine,Protection For Sharepoint Servers,Mail Security For Microsoft Exchange,Messaging Gateway,Mail Security For Domino,Endpoint Protection,Endpoint Protection For Small Business,Web Security.cloud,Messaging Gateway For Service Providers,Advanced Threat Protection,Email Security.cloud,Endpoint Protection Cloud,CSAPi,Web Gateway,Symantec Data Center Security Server",5.5,MEDIUM,0.0062500000931322575,false,,false,false,false,,,false,false,,2017-04-14T18:00:00.000Z,0
CVE-2016-5309,https://securityvulnerability.io/vulnerability/CVE-2016-5309,,"The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.",Symantec,"Protection Engine,Protection For Sharepoint Servers,Mail Security For Microsoft Exchange,Messaging Gateway,Mail Security For Domino,Endpoint Protection,Endpoint Protection For Small Business,Web Security.cloud,Messaging Gateway For Service Providers,Advanced Threat Protection,Email Security.cloud,Endpoint Protection Cloud,CSAPi,Web Gateway,Symantec Data Center Security Server",5.5,MEDIUM,0.0030300000216811895,false,,false,false,false,,,false,false,,2017-04-14T18:00:00.000Z,0