Endpoint Protection Security Vulnerabilities and Issues — Page 2 of Endpoint Protection CVE List

Lucene search

SymantecEndpoint Protection

71 matches found

CVE•added 2018/04/16 7:29 p.m.•43 views

CVE-2016-9094

Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadat...

7.8CVSS7.4AI score0.00296EPSS

CVE•added 2010/12/22 1:0 a.m.•42 views

CVE-2010-0114

fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.

7.5CVSS7.8AI score0.0276EPSS

CVE•added 2012/05/23 9:55 p.m.•42 views

CVE-2012-0295

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.

9.3CVSS7.6AI score0.0636EPSS

CVE•added 2012/11/14 12:30 p.m.•42 views

CVE-2012-4953

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which a...

9.3CVSS7.8AI score0.09486EPSS

CVE•added 2016/06/30 11:59 p.m.•42 views

CVE-2016-3645

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) ...

10CVSS7.2AI score0.75552EPSS

CVE•added 2011/08/15 7:55 p.m.•41 views

CVE-2011-0550

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI i...

4.3CVSS5.7AI score0.00719EPSS

CVE•added 2015/09/20 8:59 p.m.•41 views

CVE-2014-9227

Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.

4.4CVSS6.8AI score0.00084EPSS

CVE•added 2014/01/10 4:47 p.m.•39 views

CVE-2013-5010

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intend...

4.6CVSS6.2AI score0.00072EPSS

CVE•added 2015/09/20 8:59 p.m.•39 views

CVE-2014-9229

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.

6.5CVSS8.2AI score0.00438EPSS

CVE•added 2018/06/20 4:29 p.m.•39 views

CVE-2018-5237

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

8.8CVSS8.9AI score0.01579EPSS

CVE•added 2012/03/21 10:11 a.m.•38 views

CVE-2012-1421

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: ...

4.3CVSS6.6AI score0.00191EPSS

CVE•added 2012/03/21 10:11 a.m.•37 views

CVE-2012-1425

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfe...

4.3CVSS6.6AI score0.54236EPSS

CVE•added 2011/08/15 7:55 p.m.•36 views

CVE-2011-0551

Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6.8CVSS7.2AI score0.00264EPSS

CVE•added 2012/05/23 9:55 p.m.•36 views

CVE-2012-0294

Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors.

5.8CVSS6.6AI score0.00636EPSS

CVE•added 2018/04/16 7:29 p.m.•36 views

CVE-2016-9093

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to ...

7CVSS6.8AI score0.00092EPSS

CVE•added 2018/11/29 2:29 p.m.•35 views

CVE-2018-12239

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass...

6.8CVSS6.9AI score0.00087EPSS

CVE•added 2019/04/25 7:29 p.m.•35 views

CVE-2018-12244

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.

6.8CVSS6.5AI score0.00449EPSS

CVE•added 2018/06/20 4:29 p.m.•34 views

CVE-2018-5236

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.

5.3CVSS6.5AI score0.00609EPSS

CVE•added 2020/02/11 6:15 p.m.•34 views

CVE-2020-5822

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise th...

7.8CVSS7.9AI score0.00072EPSS

CVE•added 2019/04/25 5:29 p.m.•33 views

CVE-2018-18369

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution ...

7.8CVSS7.6AI score0.00397EPSS

CVE•added 2020/02/11 6:15 p.m.•30 views

CVE-2020-5821

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own cod...

7.8CVSS7.7AI score0.00072EPSS

Total number of security vulnerabilities71