Vulnerabilities > Symantec > Endpoint Protection > Low

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-5824 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.
local
low complexity
symantec
2.1
2020-02-11 CVE-2020-5825 Improper Privilege Management vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.
local
low complexity
symantec CWE-269
3.6
2020-02-11 CVE-2020-5826 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
local
low complexity
symantec CWE-119
2.1
2019-11-15 CVE-2019-12756 Unspecified vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
local
low complexity
symantec
2.1
2019-04-25 CVE-2018-18366 Use of Uninitialized Resource vulnerability in Symantec products
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
local
low complexity
symantec CWE-908
2.1
2018-06-20 CVE-2018-5236 Race Condition vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard).
network
symantec CWE-362
3.5
2017-11-06 CVE-2017-13680 Unspecified vulnerability in Symantec Endpoint Protection 14
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
local
low complexity
symantec microsoft
3.6
2010-02-19 CVE-2010-0106 Unspecified vulnerability in Symantec Antivirus, Client Security and Endpoint Protection
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources.
local
symantec
1.9