Vulnerabilities > Symantec > Endpoint Protection > 12.1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-11 | CVE-2020-5837 | Link Following vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 7.8 |
| 2020-05-11 | CVE-2020-5836 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | 7.8 |
| 2020-01-09 | CVE-2016-5311 | Uncontrolled Search Path Element vulnerability in Symantec products A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 7.8 |
| 2019-11-15 | CVE-2019-18372 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
| 2019-11-15 | CVE-2019-12758 | Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | 6.7 |
| 2018-11-29 | CVE-2018-12245 | Untrusted Search Path vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. | 7.8 |
| 2018-11-29 | CVE-2018-12239 | Unspecified vulnerability in Symantec Endpoint Protection and Endpoint Protection Cloud Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. low complexity symantec | 6.8 |
| 2018-11-29 | CVE-2018-12238 | Unspecified vulnerability in Symantec Endpoint Protection and Endpoint Protection Cloud Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. | 7.8 |
| 2018-06-20 | CVE-2018-5237 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 8.8 |
| 2018-06-20 | CVE-2018-5236 | Race Condition vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). | 5.3 |