Total
41 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5834 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | |||||
CVE-2020-5835 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | |||||
CVE-2020-5833 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
CVE-2019-12759 | 1 Symantec | 2 Endpoint Protection Manager, Mail Security | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2020-5831 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
CVE-2020-5827 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
CVE-2020-5830 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
CVE-2020-5829 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
CVE-2020-5828 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | |||||
CVE-2018-18368 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2018-18367 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | |||||
CVE-2016-3650 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | |||||
CVE-2015-8154 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | |||||
CVE-2016-3647 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.0 MEDIUM | 7.7 HIGH |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. | |||||
CVE-2015-1487 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 5.5 MEDIUM | N/A |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | |||||
CVE-2016-5305 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. | |||||
CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 8.5 HIGH | N/A |
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
CVE-2016-3648 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.0 MEDIUM | 8.8 HIGH |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | |||||
CVE-2016-3653 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 6.0 MEDIUM | 8.0 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. | |||||
CVE-2016-3649 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. |