CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2016-4025
https://notcve.org/view.php?id=CVE-2016-4025
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x y Email Server Security v8.x.x permiten a atacantes eludir la funcionalidad DeepScreen a través de una llamada DeviceIoControll. • https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025 • CWE-254: 7PK - Security Features •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8113
https://notcve.org/view.php?id=CVE-2015-8113
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. Vulnerabilidad de búsqueda de ruta no confiable en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a 12.1-RU6-MP3 permite a usuarios locales obtener privilegios a través de un Troyano DLL en un paquete de instalación en el cliente. NOTA: ésta vulnerabilidad existe debido a una solución incompleta para CVE-2015-1492. • http://www.securityfocus.com/bid/77585 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9229
https://notcve.org/view.php?id=CVE-2014-9229
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. Vulnerabilidad de inyección SQL múltiple en la interfaz de scripts PHP en el componente Manager en Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1.6, permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios mediante el aprovechamiento del rol Limited Administrator. • http://www.securityfocus.com/bid/75204 http://www.securitytracker.com/id/1032616 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9227
https://notcve.org/view.php?id=CVE-2014-9227
Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. Múltiples vulnerabilidades de búsqueda de ruta no confiable en el componente Manager en Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1.6, permite a usuarios locales obtener privilegios a través de un Troyano DLL en un directorio no especificado. • http://www.securityfocus.com/bid/75203 http://www.securitytracker.com/id/1032616 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9228
https://notcve.org/view.php?id=CVE-2014-9228
sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. Vulnerabilidad en sysplant.sys en el componente Manager en Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1.6, permite a usuarios locales causar una denegación de servicio (apagado de sistema bloqueado) desencadenando una condición de interbloqueo no especificada. • http://www.securityfocus.com/bid/75202 http://www.securitytracker.com/id/1032616 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00 • CWE-399: Resource Management Errors •