Vulnerabilities > Symantec > Endpoint Protection

DATE CVE VULNERABILITY TITLE RISK
2019-11-15 CVE-2019-18372 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
7.8
2019-11-15 CVE-2019-12758 Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
local
low complexity
symantec CWE-427
6.7
2019-11-15 CVE-2019-12757 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
7.8
2019-11-15 CVE-2019-12756 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
local
low complexity
symantec
2.3
2019-07-31 CVE-2019-12750 Out-of-bounds Read vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec CWE-125
7.8
2019-04-25 CVE-2018-18366 Use of Uninitialized Resource vulnerability in Symantec products
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
local
low complexity
symantec CWE-908
6.5
2019-04-25 CVE-2018-12244 Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
network
low complexity
symantec CWE-1236
6.3
2019-04-25 CVE-2018-18369 Untrusted Search Path vulnerability in Symantec products
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
local
low complexity
symantec CWE-426
7.8
2018-11-29 CVE-2018-12245 Untrusted Search Path vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker.
local
low complexity
symantec CWE-426
7.8
2018-11-29 CVE-2018-12239 Unspecified vulnerability in Symantec Endpoint Protection and Endpoint Protection Cloud
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection.
low complexity
symantec
6.8