Vulnerabilities > Symantec > Endpoint Protection
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-06 | CVE-2014-3434 | Buffer Errors vulnerability in Symantec Endpoint Protection 11.0/12.0/12.1 Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. | 6.9 |
| 2014-01-10 | CVE-2013-5011 | Path Traversal vulnerability in Symantec Endpoint Protection Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. | 7.2 |
| 2014-01-10 | CVE-2013-5010 | Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | 4.6 |
| 2014-01-10 | CVE-2013-5009 | Improper Authentication vulnerability in Symantec Endpoint Protection The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. | 7.4 |
| 2012-12-18 | CVE-2012-4348 | Improper Input Validation vulnerability in Symantec Endpoint Protection The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 |
| 2012-11-14 | CVE-2012-4953 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Antivirus, Endpoint Protection and Scan Engine The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. | 9.3 |
| 2012-05-24 | CVE-2012-1821 | Unspecified vulnerability in Symantec Endpoint Protection The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. | 5.0 |
| 2012-05-23 | CVE-2012-0295 | Code Injection vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671 The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. | 9.3 |
| 2012-05-23 | CVE-2012-0294 | Path Traversal vulnerability in Symantec Endpoint Protection 12.1/12.1.1000/12.1.671 Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. | 5.8 |
| 2012-05-23 | CVE-2012-0289 | Buffer Errors vulnerability in Symantec Endpoint Protection and Network Access Control Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script. | 7.2 |