Page 4 of 112 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 77EXPL: 0

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. Symantec Endpoint Protection (SEP) y Symantec Endpoint Protection Small Business Edition (SEP SBE), versiones anteriores a 14.2 RU2 MP1 y versiones anteriores a 14.2.5569.2100 respectivamente, pueden ser susceptibles a una vulnerabilidad fuera de límites, que es un tipo de problema que resulta en que una aplicación existente lea la memoria fuera de los límites de la memoria que ha sido asignada al programa. This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvHostPlugin.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. • https://support.symantec.com/us/en/article.SYMSA1505.html • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection (SEP) y Symantec Endpoint Protection Small Business Edition (SEP SBE), versiones anteriores a 14.2 RU2 MP1 y versiones anteriores a 14.2.5569.2100 respectivamente, pueden ser susceptibles a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a los recursos que normalmente están protegidos de una aplicación o un usuario. This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ccJobMgr.dll module. By invoking a method of a COM class, an attacker can launch an arbitrary executable. • https://support.symantec.com/us/en/article.SYMSA1505.html •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podría permitir a un usuario malicioso local obtener privilegios system. • http://www.securityfocus.com/bid/94295 http://www.securitytracker.com/id/1037323 http://www.securitytracker.com/id/1037324 http://www.securitytracker.com/id/1037325 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature. Symantec Endpoint Protection, versiones anteriores a la versión 14.2 RU2, puede ser susceptible a una vulnerabilidad de ejecución de código sin firmar, lo que puede permitir a un individuo ejecutar código sin una firma digital apropiada residente. • https://safebreach.com/Post/Symantec-Endpoint-Protection-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-12758 https://support.symantec.com/us/en/article.SYMSA1488.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Endpoint Protection (SEP), versiones anteriores a la versión 14.2 RU2 y 12.1 RU6 MP10 y Symantec Endpoint Protection Small Business Edition (SEP SBE) versiones anteriores a la versión 12.1 RU6 MP10d (12.1.7510.7002), puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para conseguir un acceso elevado a recursos que normalmente están protegidos de una aplicación o un usuario. • https://support.symantec.com/us/en/article.SYMSA1488.html •