CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 81100 / 375
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2017-13682 In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. 5.7 0.28% 2017-10-23 2026-06-16
CVE-2024-38495 A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database. 5.3 0.28% 2024-07-15 2026-06-17
CVE-2025-24501 An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. 5.3 0.28% 2025-01-30 2026-06-17
CVE-2025-24505 This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. 8.8 0.28% 2025-01-30 2026-06-17
CVE-2024-38491 The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. 8.4 0.28% 2024-07-15 2026-06-17
CVE-2015-6556 EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. 2.3 0.28% 2015-12-18 2026-06-16
CVE-2025-8660 Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. 5.6 0.29% 2025-08-11 2026-06-17
CVE-2024-38493 A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. 6.8 0.29% 2024-07-15 2026-06-17
CVE-2024-36457 The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. 5.3 0.29% 2024-07-15 2026-06-17
CVE-2015-8150 Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. 7.8 0.29% 2016-02-18 2026-06-16
CVE-2017-15526 Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. 6.8 0.29% 2017-11-13 2026-06-16
CVE-2015-8156 Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. 7.8 0.29% 2016-05-13 2026-06-16
CVE-2026-11815 An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution. 5.3 0.29% 2026-06-10 2026-06-17
CVE-2016-6591 A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. 7.1 0.29% 2020-01-08 2026-06-16
CVE-2017-13675 A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. 4.2 0.29% 2017-10-10 2026-06-16
CVE-2019-18373 Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. 5.6 0.30% 2019-11-18 2026-06-16
CVE-2020-5835 Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. 7.0 0.30% 2020-05-11 2026-06-16
CVE-2019-12756 Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. 2.3 0.30% 2019-11-15 2026-06-16
CVE-2013-1610 Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. 6.8 0.30% 2013-08-05 2026-06-16
CVE-2016-6590 A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. 7.8 0.32% 2020-01-08 2026-06-16
cvelogic Threat Intelligence