Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_protection
(Symantec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 71 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-11 | CVE-2020-5825 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges. | Endpoint_protection | 5.5 | ||
| 2020-02-11 | CVE-2020-5826 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. | Endpoint_protection | 5.5 | ||
| 2020-05-11 | CVE-2020-5836 | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. | Endpoint_protection | 7.8 | ||
| 2017-11-06 | CVE-2017-6331 | Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. | Endpoint_protection | N/A | ||
| 2019-04-25 | CVE-2018-18366 | Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory. | Endpoint_protection, Endpoint_protection_cloud, Endpoint_protection_cloud_agent, Norton_security | 6.5 | ||
| 2019-04-25 | CVE-2018-12244 | SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | Endpoint_protection | 6.3 | ||
| 2016-06-30 | CVE-2016-3646 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers... | Advanced_threat_protection, Csapi, Data_center_security_server, Endpoint_protection, Mail_security_for_domino, Mail_security_for_microsoft_exchange, Message_gateway, Message_gateway_for_service_providers, Ngc, Norton_360, Norton_antivirus, Norton_bootable_removal_tool, Norton_internet_security, Norton_power_eraser, Norton_security, Norton_security_with_backup, Protection_engine, Protection_for_sharepoint_servers | 8.4 | ||
| 2016-06-30 | CVE-2016-3645 | Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01;... | Advanced_threat_protection, Csapi, Data_center_security_server, Endpoint_protection, Mail_security_for_domino, Mail_security_for_microsoft_exchange, Message_gateway, Message_gateway_for_service_providers, Ngc, Norton_360, Norton_antivirus, Norton_bootable_removal_tool, Norton_internet_security, Norton_power_eraser, Norton_security, Norton_security_with_backup, Protection_engine, Protection_for_sharepoint_servers | 9.8 | ||
| 2016-06-30 | CVE-2016-3644 | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers... | Advanced_threat_protection, Csapi, Data_center_security_server, Endpoint_protection, Mail_security_for_domino, Mail_security_for_microsoft_exchange, Message_gateway, Message_gateway_for_service_providers, Ngc, Norton_360, Norton_antivirus, Norton_bootable_removal_tool, Norton_internet_security, Norton_power_eraser, Norton_security, Norton_security_with_backup, Protection_engine, Protection_for_sharepoint_servers | 8.4 | ||
| 2020-05-11 | CVE-2020-5837 | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | Endpoint_protection | N/A |