Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for norton_password_manager by symantec

    CVE-2019-12755 (GCVE-0-2019-12755)

    Vulnerability from nvd – Published: 2019-09-17 15:49 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:55.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Password Manager",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 6.5.0.2104"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T15:49:23.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Password Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 6.5.0.2104"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1493.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12755",
        "datePublished": "2019-09-17T15:49:23.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:55.302Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18365 (GCVE-0-2018-18365)

    Vulnerability from nvd – Published: 2019-04-09 19:04 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
    Severity
    No CVSS data available.
    CWE
    • Address Spoof
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Norton Password Manager Affected: Prior to 6.2.0.1078 (Android) & 6.2.309 (iOS)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:21.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1475.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Password Manager",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 6.2.0.1078 (Android) \u0026 6.2.309 (iOS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Address Spoof",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T19:04:35.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1475.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2018-18365",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Password Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 6.2.0.1078 (Android) \u0026 6.2.309 (iOS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Address Spoof"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1475.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1475.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-18365",
        "datePublished": "2019-04-09T19:04:35.000Z",
        "dateReserved": "2018-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:21.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18362 (GCVE-0-2018-18362)

    Vulnerability from nvd – Published: 2018-12-06 19:00 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting
    Assigner
    References
    Impacted products
    Date Public
    2018-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:21.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
              },
              {
                "name": "106055",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106055"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Password Manager",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 6.1.0.1045"
                }
              ]
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-07T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
            },
            {
              "name": "106055",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106055"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2018-18362",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Password Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 6.1.0.1045"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1470.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
                },
                {
                  "name": "106055",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106055"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-18362",
        "datePublished": "2018-12-06T19:00:00.000Z",
        "dateReserved": "2018-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:21.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12240 (GCVE-0-2018-12240)

    Vulnerability from nvd – Published: 2018-08-29 20:00 – Updated: 2024-09-16 23:31
    VLAI
    Summary
    The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105146"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1460.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Identity Safe for Android",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 5.3.0.976"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-30T09:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "105146",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105146"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1460.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-12240",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Identity Safe for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 5.3.0.976"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105146",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105146"
                },
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1460.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1460.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-12240",
        "datePublished": "2018-08-29T20:00:00.000Z",
        "dateReserved": "2018-06-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:31:48.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12755 (GCVE-0-2019-12755)

    Vulnerability from cvelistv5 – Published: 2019-09-17 15:49 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:55.302Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Password Manager",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 6.5.0.2104"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-17T15:49:23.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Password Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 6.5.0.2104"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1493.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12755",
        "datePublished": "2019-09-17T15:49:23.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:55.302Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18365 (GCVE-0-2018-18365)

    Vulnerability from cvelistv5 – Published: 2019-04-09 19:04 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
    Severity
    No CVSS data available.
    CWE
    • Address Spoof
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Norton Password Manager Affected: Prior to 6.2.0.1078 (Android) & 6.2.309 (iOS)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:21.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1475.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Password Manager",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 6.2.0.1078 (Android) \u0026 6.2.309 (iOS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Address Spoof",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T19:04:35.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1475.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2018-18365",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Password Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 6.2.0.1078 (Android) \u0026 6.2.309 (iOS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Address Spoof"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1475.html",
                  "refsource": "MISC",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1475.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-18365",
        "datePublished": "2019-04-09T19:04:35.000Z",
        "dateReserved": "2018-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:21.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18362 (GCVE-0-2018-18362)

    Vulnerability from cvelistv5 – Published: 2018-12-06 19:00 – Updated: 2024-08-05 11:08
    VLAI
    Summary
    Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting
    Assigner
    References
    Impacted products
    Date Public
    2018-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:08:21.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
              },
              {
                "name": "106055",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106055"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Password Manager",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 6.1.0.1045"
                }
              ]
            }
          ],
          "datePublic": "2018-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-07T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
            },
            {
              "name": "106055",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106055"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2018-18362",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Password Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 6.1.0.1045"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1470.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
                },
                {
                  "name": "106055",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106055"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-18362",
        "datePublished": "2018-12-06T19:00:00.000Z",
        "dateReserved": "2018-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:08:21.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12240 (GCVE-0-2018-12240)

    Vulnerability from cvelistv5 – Published: 2018-08-29 20:00 – Updated: 2024-09-16 23:31
    VLAI
    Summary
    The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation
    Assigner
    References
    Impacted products
    Date Public
    2018-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105146",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105146"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1460.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Identity Safe for Android",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 5.3.0.976"
                }
              ]
            }
          ],
          "datePublic": "2018-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-30T09:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "105146",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105146"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1460.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-08-22T00:00:00",
              "ID": "CVE-2018-12240",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Identity Safe for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 5.3.0.976"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105146",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105146"
                },
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1460.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1460.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-12240",
        "datePublished": "2018-08-29T20:00:00.000Z",
        "dateReserved": "2018-06-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:31:48.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }