Vulnerabilities > Symantec > Endpoint Protection > 12.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-20 | CVE-2018-5237 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 6.5 |
2018-06-20 | CVE-2018-5236 | Race Condition vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). | 3.5 |
2018-04-16 | CVE-2016-9094 | Improper Input Validation vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. | 6.8 |
2018-04-16 | CVE-2016-9093 | Improper Input Validation vulnerability in Symantec Endpoint Protection A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. | 6.9 |
2015-09-20 | CVE-2014-9229 | SQL Injection vulnerability in Symantec Endpoint Protection Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | 6.5 |
2015-09-20 | CVE-2014-9228 | Resource Management Errors vulnerability in Symantec Endpoint Protection sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. | 4.9 |
2015-09-20 | CVE-2014-9227 | DLL Loading Local Privilege Escalation vulnerability in Symantec Endpoint Protection Manager and Client Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. local symantec | 4.4 |
2014-08-06 | CVE-2014-3434 | Buffer Errors vulnerability in Symantec Endpoint Protection 11.0/12.0/12.1 Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. | 6.9 |
2012-12-18 | CVE-2012-4348 | Improper Input Validation vulnerability in Symantec Endpoint Protection The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 |
2012-05-23 | CVE-2012-0295 | Code Injection vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671 The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. | 9.3 |