Vulnerabilities > Symantec > Endpoint Protection > 14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-11 | CVE-2020-5837 | Link Following vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 7.8 |
| 2020-05-11 | CVE-2020-5836 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | 7.8 |
| 2020-01-09 | CVE-2016-5311 | Uncontrolled Search Path Element vulnerability in Symantec products A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | 7.8 |
| 2019-11-15 | CVE-2019-18372 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
| 2019-11-15 | CVE-2019-12758 | Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. | 6.7 |
| 2019-04-25 | CVE-2018-18366 | Use of Uninitialized Resource vulnerability in Symantec products Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory. | 6.5 |
| 2019-04-25 | CVE-2018-12244 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | 6.3 |
| 2018-11-29 | CVE-2018-12245 | Untrusted Search Path vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. | 7.8 |
| 2018-06-20 | CVE-2018-5237 | Unspecified vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 8.8 |
| 2018-06-20 | CVE-2018-5236 | Race Condition vulnerability in Symantec Endpoint Protection Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). | 5.3 |