Vulnerabilities > Symantec > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-01-10 | CVE-2013-5009 | Improper Authentication vulnerability in Symantec Endpoint Protection The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. | 7.4 |
| 2013-08-05 | CVE-2013-4575 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Backup Exec 2010/2012 Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors. | 7.9 |
| 2013-08-01 | CVE-2013-4672 | Permissions, Privileges, and Access Controls vulnerability in Symantec products The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command. | 7.2 |
| 2013-08-01 | CVE-2013-1617 | SQL Injection vulnerability in Symantec products Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | 7.4 |
| 2013-08-01 | CVE-2013-1616 | OS Command Injection vulnerability in Symantec products The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | 8.3 |
| 2013-06-20 | CVE-2013-1612 | Buffer Errors vulnerability in Symantec products Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors. | 7.9 |
| 2012-12-18 | CVE-2012-4350 | Local Privilege Escalation vulnerability in Symantec Enterprise Security Manager/Agent Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | 7.2 |
| 2012-12-18 | CVE-2012-4348 | Improper Input Validation vulnerability in Symantec Endpoint Protection The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 7.2 |
| 2012-12-11 | CVE-2012-4349 | Local Privilege Escalation vulnerability in Symantec Network Access Control 12.1/12.1.1/12.1.1.1 Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. | 7.2 |
| 2012-08-29 | CVE-2012-3580 | Security Bypass vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. low complexity symantec | 7.7 |