Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2020-12593 | Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 7.5 | 1.97% | 2020-11-18 | 2026-06-16 |
| CVE-2020-5839 | Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 7.5 | 2.00% | 2020-07-08 | 2026-06-16 |
| CVE-2020-5837 | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 7.8 | 0.75% | 2020-05-11 | 2026-06-16 |
| CVE-2020-5836 | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | 7.8 | 0.36% | 2020-05-11 | 2026-06-16 |
| CVE-2020-5835 | Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | 7.0 | 0.30% | 2020-05-11 | 2026-06-16 |
| CVE-2019-18375 | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. | 6.5 | 1.23% | 2020-04-09 | 2026-06-16 |
| CVE-2020-5832 | Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.37% | 2020-04-06 | 2026-06-16 |
| CVE-2020-5823 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.39% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5822 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.39% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5821 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. | 7.8 | 0.43% | 2020-02-11 | 2026-06-16 |
| CVE-2020-5820 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.39% | 2020-02-11 | 2026-06-16 |
| CVE-2016-6592 | A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. | 7.8 | 0.96% | 2020-01-14 | 2026-06-16 |
| CVE-2019-19548 | Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.39% | 2020-01-14 | 2026-06-16 |
| CVE-2019-19547 | Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | 6.1 | 1.38% | 2020-01-13 | 2026-06-16 |
| CVE-2016-5311 | A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 7.8 | 0.71% | 2020-01-09 | 2026-06-16 |
| CVE-2016-6593 | A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | 7.8 | 0.81% | 2020-01-08 | 2026-06-16 |
| CVE-2016-6591 | A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | 7.1 | 0.29% | 2020-01-08 | 2026-06-16 |
| CVE-2016-6590 | A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | 7.8 | 0.32% | 2020-01-08 | 2026-06-16 |
| CVE-2016-6589 | A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | 6.5 | 1.68% | 2020-01-08 | 2026-06-16 |
| CVE-2019-18379 | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 7.3 | 1.12% | 2019-12-11 | 2026-06-16 |