CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12245
https://notcve.org/view.php?id=CVE-2018-12245
29 Nov 2018 — Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated. Symantec En... • http://www.securityfocus.com/bid/105919 • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-5236
https://notcve.org/view.php?id=CVE-2018-5236
20 Jun 2018 — Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events. Symantec Endpoint Protection en versiones anteriores a la 14 RU1 MP1 o 12.1 RU6 MP10 podría ser vulnerable a una condición de carrera may be susceptible to a race condition (o condición de secuencia). Este tipo de problema ocurre en software cuando la salida depe... • http://www.securityfocus.com/bid/104198 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-5237
https://notcve.org/view.php?id=CVE-2018-5237
20 Jun 2018 — Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. Symantec Endpoint Protection, en versiones anteriores a 14 RU1 MP1 o 12.1 RU6 MP10, podría ser susceptible a una vulnerabilidad de escalado de privilegios. Este tipo de problema permite que un usuario obtenga accesos elevados a recursos que, normalmen... • http://www.securityfocus.com/bid/104199 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9094
https://notcve.org/view.php?id=CVE-2016-9094
16 Apr 2018 — Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intende... • http://www.securityfocus.com/bid/96298 • CWE-20: Improper Input Validation •