Vulnerabilities > Symantec > Endpoint Protection > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-15 CVE-2019-18372 Unspecified vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
symantec
7.2
2019-11-15 CVE-2019-12758 Uncontrolled Search Path Element vulnerability in Symantec Endpoint Protection 11/11.0/11.0.1
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
local
low complexity
symantec CWE-427
7.2
2015-11-12 CVE-2015-8113 Incomplete Fix Binary Planting vulnerability in Symantec Endpoint Protection 11.0
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package.
local
low complexity
symantec
7.2
2014-01-10 CVE-2013-5011 Path Traversal vulnerability in Symantec Endpoint Protection
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.
local
low complexity
symantec CWE-22
7.2
2014-01-10 CVE-2013-5009 Improper Authentication vulnerability in Symantec Endpoint Protection
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
7.4
2012-12-18 CVE-2012-4348 Improper Input Validation vulnerability in Symantec Endpoint Protection
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
low complexity
symantec CWE-20
7.2
2012-05-23 CVE-2012-0289 Buffer Errors vulnerability in Symantec Endpoint Protection and Network Access Control
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
local
low complexity
symantec CWE-119
7.2
2010-12-22 CVE-2010-0114 Improper Input Validation vulnerability in Symantec Endpoint Protection
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.
network
low complexity
symantec CWE-20
7.5