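This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks how easily an issue can be exploited based on exploit references and the availability of PoCs. Together with the context of vendor fixes and mitigations, it helps you set priorities, keep the response cycle short, and protect critical assets.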
Assigner (CNA / issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2021-30648 | The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | 9.8 | 1.45% | 2021-06-30 | 2026-06-16 |
| CVE-2021-30642 | An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | 9.8 | 2.67% | 2021-04-27 | 2026-06-16 |
| CVE-2020-12595 | An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4. | 4.9 | 0.86% | 2020-12-10 | 2026-06-16 |
| CVE-2020-12594 | A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4. | 7.2 | 1.49% | 2020-12-10 | 2026-06-16 |
| CVE-2020-12593 | Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 7.5 | 1.97% | 2020-11-18 | 2026-06-16 |
| CVE-2020-5839 | Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 7.5 | 2.00% | 2020-07-08 | 2026-06-16 |
| CVE-2020-5838 | Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | 4.8 | 0.69% | 2020-05-13 | 2026-06-16 |
| CVE-2020-5837 | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 7.8 | 0.75% | 2020-05-11 | 2026-06-16 |
| CVE-2020-5836 | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | 7.8 | 0.36% | 2020-05-11 | 2026-06-16 |
| CVE-2020-5835 | Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | 7.0 | 0.30% | 2020-05-11 | 2026-06-16 |
| CVE-2020-5834 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | 5.3 | 1.65% | 2020-05-11 | 2026-06-16 |
| CVE-2020-5833 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 | 0.34% | 2020-05-11 | 2026-06-16 |
| CVE-2019-18376 | A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. | 5.9 | 0.70% | 2020-04-09 | 2026-06-16 |
| CVE-2019-18375 | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | 6.5 | 1.23% | 2020-04-09 | 2026-06-16 |
| CVE-2020-5832 | Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.37% | 2020-04-06 | 2026-06-16 |
| CVE-2020-5831 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 | 0.35% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5830 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 | 0.35% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5829 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 | 0.35% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5828 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 | 0.35% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5827 | Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | 3.3 | 0.35% | 2020-02-11 | 2026-06-16 |