Skip to main content

Endpoint Protection

65 CVEs product

Monthly

CVE-2021-33572 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cloud Protection For Salesforce Elements For Microsoft 365 Endpoint Protection +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-24092 HIGH PATCH This Week

Microsoft Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows Defender Endpoint Protection Security Essentials +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-28641 HIGH This Week

In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Malwarebytes
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-5837 HIGH This Week

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-5836 HIGH This Week

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-9363 HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix Endpoint Protection Intercept X Endpoint +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-5826 MEDIUM This Month

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5825 MEDIUM This Month

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-5824 MEDIUM This Month

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-5823 HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5822 HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5821 HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-5820 HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18372 HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12758 MEDIUM POC This Month

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Endpoint Protection
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-12757 HIGH This Week

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-12756 LOW PATCH Monitor

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Authentication Bypass Endpoint Protection
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2019-12750 HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-12245 HIGH This Week

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-12239 MEDIUM This Month

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud Norton Antivirus
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-12238 HIGH This Week

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud Norton Antivirus
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5237 HIGH This Week

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5236 MEDIUM This Month

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Endpoint Protection
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-9233 HIGH POC This Week

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Endpoint Protection
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-4863 MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.2%
CVE-2017-6331 HIGH POC This Week

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.8%
CVE-2017-13681 HIGH This Week

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-13680 MEDIUM This Month

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Protection
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8558 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow RCE Microsoft Windows Defender Endpoint Protection +3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
57.8%
Threat
4.8
CVE-2017-8537 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8536 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8535 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2016-5310 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Microsoft Denial Of Service Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2016-5309 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2016-4025 MEDIUM This Month

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Business Security Free Antivirus Internet Security Premier +7
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3646 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.0%.

RCE Denial Of Service Microsoft Norton Security Protection Engine +16
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
26.0%
Threat
4.0
CVE-2016-3645 CRITICAL POC THREAT Emergency

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

Buffer Overflow Microsoft Norton Security Protection Engine Advanced Threat Protection +15
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
75.6%
Threat
5.7
CVE-2016-3644 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Denial Of Service RCE Buffer Overflow Microsoft Norton Security +17
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
29.0%
Threat
4.1
CVE-2016-2211 HIGH This Week

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange +17
NVD
CVSS 3.0
7.8
EPSS
9.7%
CVE-2016-2210 HIGH POC THREAT Act Now

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
29.1%
CVE-2016-2209 HIGH POC THREAT Act Now

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway;. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
29.1%
CVE-2016-2207 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

RCE Denial Of Service Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
50.2%
Threat
4.7
CVE-2015-8113 HIGH This Week

Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2014-9229 MEDIUM This Month

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Endpoint Protection
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-9228 MEDIUM This Month

sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Protection
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-9227 MEDIUM This Month

Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-3434 MEDIUM POC This Month

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

RCE Buffer Overflow Endpoint Protection
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.6%
CVE-2013-5011 HIGH This Week

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft Endpoint Protection
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5010 MEDIUM This Month

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-5009 HIGH This Week

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly. Rated high severity (CVSS 7.4). No vendor patch available.

Authentication Bypass Endpoint Protection
NVD
CVSS 2.0
7.4
EPSS
0.3%
CVE-2012-4348 HIGH This Week

The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE Endpoint Protection
NVD
CVSS 2.0
7.2
EPSS
2.5%
CVE-2012-4953 CRITICAL Act Now

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Antivirus Endpoint Protection +1
NVD
CVSS 2.0
9.3
EPSS
9.5%
CVE-2012-1821 MEDIUM This Month

The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Endpoint Protection
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2012-0295 CRITICAL Act Now

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Endpoint Protection
NVD
CVSS 2.0
9.3
EPSS
5.2%
CVE-2012-0294 MEDIUM This Month

Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Endpoint Protection
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-0289 HIGH POC This Week

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Endpoint Protection Network Access Control
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2012-1462 MEDIUM This Month

The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet V3 Internet Security Esafe Avg Anti Virus +7
NVD
CVSS 2.0
4.3
EPSS
8.4%
CVE-2012-1461 MEDIUM This Month

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 83.9% and no vendor patch available.

Privilege Escalation Fortinet Vba32 Command Antivirus Avg Anti Virus +17
NVD
CVSS 2.0
4.3
EPSS
83.9%
CVE-2012-1459 MEDIUM This Month

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 79.5% and no vendor patch available.

Privilege Escalation Fortinet Microsoft V3 Internet Security Avast Antivirus +33
NVD
CVSS 2.0
4.3
EPSS
79.5%
CVE-2012-1457 MEDIUM This Month

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.8% and no vendor patch available.

Privilege Escalation Microsoft Esafe Avast Antivirus Vba32 +25
NVD
CVSS 2.0
4.3
EPSS
50.8%
CVE-2012-1456 MEDIUM This Month

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.2% and no vendor patch available.

Privilege Escalation Fortinet Esafe Avg Anti Virus Quick Heal +18
NVD
CVSS 2.0
4.3
EPSS
18.2%
CVE-2012-1446 MEDIUM This Month

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet Esafe Avl Sdk Etrust Vet Antivirus +12
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2012-1443 MEDIUM This Month

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.2% and no vendor patch available.

Privilege Escalation Fortinet Microsoft V3 Internet Security Esafe +34
NVD
CVSS 2.0
4.3
EPSS
50.2%
CVE-2012-1425 MEDIUM This Month

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.2% and no vendor patch available.

Privilege Escalation Fortinet Avl Sdk Antivir Quick Heal +13
NVD
CVSS 2.0
4.3
EPSS
54.2%
CVE-2012-1421 MEDIUM This Month

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Quick Heal Norman Antivirus Antispyware Rising Antivirus Endpoint Protection
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 1% CVSS 6.5
MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cloud Protection For Salesforce +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows Defender +3
NVD
EPSS 1% CVSS 7.1
HIGH This Week

In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Malwarebytes
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos Authentication Bypass Cloud Optix +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Endpoint Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Authentication Bypass Endpoint Protection
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Endpoint Protection
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Endpoint Protection
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
EPSS 1% CVSS 7.1
HIGH POC This Week

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Endpoint Protection
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Protection
NVD
EPSS 58% 4.8 CVSS 7.8
HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow RCE Microsoft +5
NVD Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft +7
NVD Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft +7
NVD Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft +7
NVD Exploit-DB
EPSS 8% CVSS 5.5
MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Microsoft +16
NVD Exploit-DB
EPSS 8% CVSS 5.5
MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +16
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM This Month

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Business Security Free Antivirus +9
NVD
EPSS 26% 4.0 CVSS 8.4
HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.0%.

RCE Denial Of Service Microsoft +18
NVD Exploit-DB
EPSS 76% 5.7 CVSS 9.8
CRITICAL POC THREAT Emergency

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

Buffer Overflow Microsoft Norton Security +17
NVD Exploit-DB
EPSS 29% 4.1 CVSS 8.4
HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Denial Of Service RCE Buffer Overflow +19
NVD Exploit-DB
EPSS 10% CVSS 7.8
HIGH This Week

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +19
NVD
EPSS 29% CVSS 7.3
HIGH POC THREAT Act Now

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft +18
NVD Exploit-DB
EPSS 29% CVSS 7.3
HIGH POC THREAT Act Now

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway;. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft +18
NVD Exploit-DB
EPSS 50% 4.7 CVSS 8.4
HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

RCE Denial Of Service Microsoft +18
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Endpoint Protection
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Protection
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Endpoint Protection
NVD
EPSS 1% CVSS 6.9
MEDIUM POC This Month

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

RCE Buffer Overflow Endpoint Protection
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH This Week

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft Endpoint Protection
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
EPSS 0% CVSS 7.4
HIGH This Week

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly. Rated high severity (CVSS 7.4). No vendor patch available.

Authentication Bypass Endpoint Protection
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

PHP RCE Endpoint Protection
NVD
EPSS 9% CVSS 9.3
CRITICAL Act Now

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE +3
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Endpoint Protection
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Endpoint Protection
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Endpoint Protection
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Endpoint Protection +1
NVD Exploit-DB
EPSS 8% CVSS 4.3
MEDIUM This Month

The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet V3 Internet Security +9
NVD
EPSS 84% CVSS 4.3
MEDIUM This Month

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 83.9% and no vendor patch available.

Privilege Escalation Fortinet Vba32 +19
NVD
EPSS 80% CVSS 4.3
MEDIUM This Month

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 79.5% and no vendor patch available.

Privilege Escalation Fortinet Microsoft +35
NVD
EPSS 51% CVSS 4.3
MEDIUM This Month

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.8% and no vendor patch available.

Privilege Escalation Microsoft Esafe +27
NVD
EPSS 18% CVSS 4.3
MEDIUM This Month

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.2% and no vendor patch available.

Privilege Escalation Fortinet Esafe +20
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Fortinet Esafe +14
NVD
EPSS 50% CVSS 4.3
MEDIUM This Month

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.2% and no vendor patch available.

Privilege Escalation Fortinet Microsoft +36
NVD
EPSS 54% CVSS 4.3
MEDIUM This Month

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.2% and no vendor patch available.

Privilege Escalation Fortinet Avl Sdk +15
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Quick Heal Norman Antivirus Antispyware +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy