Vulnerabilities > Symantec > High

DATE | CVE | VULNERABILITY TITLE | RISK

2014-01-10 | CVE-2013-5009 | Improper Authentication vulnerability in Symantec Endpoint Protection | 7.4
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.

2013-08-05 | CVE-2013-4575 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Backup Exec 2010/2012 | 7.9
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors.

2013-08-01 | CVE-2013-4672 | Permissions, Privileges, and Access Controls vulnerability in Symantec products | 7.2
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
low complexity, symantec, CWE-264

2013-08-01 | CVE-2013-1617 | SQL Injection vulnerability in Symantec products | 7.4
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

2013-08-01 | CVE-2013-1616 | OS Command Injection vulnerability in Symantec products | 8.3
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
low complexity, symantec, CWE-78

2013-06-20 | CVE-2013-1612 | Buffer Errors vulnerability in Symantec products | 7.9
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.

2012-12-18 | CVE-2012-4350 | Local Privilege Escalation vulnerability in Symantec Enterprise Security Manager/Agent | 7.2
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors.
local, low complexity, symantec

2012-12-18 | CVE-2012-4348 | Improper Input Validation vulnerability in Symantec Endpoint Protection | 7.2
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
low complexity, symantec, CWE-20

2012-12-11 | CVE-2012-4349 | Local Privilege Escalation vulnerability in Symantec Network Access Control 12.1/12.1.1/12.1.1.1 | 7.2
Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors.
local, low complexity, symantec

2012-08-29 | CVE-2012-3580 | Security Bypass vulnerability in Symantec Messaging Gateway | 7.7
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
low complexity, symantec