CVE-2016-5311
https://notcve.org/view.php?id=CVE-2016-5311
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podría permitir a un usuario malicioso local obtener privilegios system. • http://www.securityfocus.com/bid/94295 http://www.securitytracker.com/id/1037323 http://www.securitytracker.com/id/1037324 http://www.securitytracker.com/id/1037325 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-12758
https://notcve.org/view.php?id=CVE-2019-12758
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. Symantec Endpoint Protection, versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de ejecución de código sin firmar, lo que puede permitir a un individuo ejecutar código sin una firma digital apropiada residente. • https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758 https://support.symantec.com/us/en/article.SYMSA1488.html • CWE-427: Uncontrolled Search Path Element •
CVE-2019-12757
https://notcve.org/view.php?id=CVE-2019-12757
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2 y 12.1 RU6 MP10 y Symantec Endpoint Protection Small Business Edition (SEP SBE) versiones anteriores a la versión 12.1 RU6 MP10d (12.1.7510.7002), puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a recursos que normalmente están protegidos de una aplicación o un usuario. • https://support.symantec.com/us/en/article.SYMSA1488.html •
CVE-2019-12756
https://notcve.org/view.php?id=CVE-2019-12756
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de omisión de protección de contraseña por la cual la capa secundaria de protección de contraseña podría ser omitida para individuos con derechos de administrador local. • https://support.symantec.com/us/en/article.SYMSA1488.html •
CVE-2019-18372 – Symantec Endpoint Protection Manager OpenSSL Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-18372
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection, versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a recursos que normalmente están protegidos de una aplicación o un usuario. This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. When processing an HTTPS request, the process loads the OpenSSL configuration file, which can be used to load arbitrary executable files. • https://support.symantec.com/us/en/article.SYMSA1488.html •