CVE-2021-33572

all versions

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Se

3.5LOW

CVE-2021-24092

all versions

Microsoft Defender Elevation of Privilege Vulnerability

7.8HIGH

CVE-2020-28641

< 1.2.0.849

In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quaranti

7.1HIGH

CVE-2020-5837

< 14.3

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbo

7.8HIGH

CVE-2020-5836

< 14.3

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Pr

7.8HIGH

CVE-2020-9363

< 2020-01-14

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Prot

7.8HIGH

CVE-2020-5826

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

5.5MEDIUM

CVE-2020-5825

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

5.5MEDIUM

CVE-2020-5824

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

5.5MEDIUM

CVE-2020-5823

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

7.8HIGH

CVE-2020-5822

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

7.8HIGH

CVE-2020-5821

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

7.8HIGH

CVE-2020-5820

all versions

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and pr

7.8HIGH

CVE-2016-5311

< 22.8.0.50

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Se

7.8HIGH

CVE-2019-18372

<= 14.2

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of is

7.8HIGH

CVE-2019-12758

<= 14.2

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow a

6.7MEDIUM

CVE-2019-12757

all versions

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP

7.8HIGH

CVE-2019-12756

all versions

Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the

2.3LOW

CVE-2019-12750

all versions

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to

7.8HIGH

CVE-2018-18366

all versions

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SB

6.5MEDIUM

CVE-2018-12244

all versions

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known a

6.3MEDIUM

CVE-2018-18369

all versions

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 &

7.8HIGH

CVE-2018-12245

>= 11.0 and <= 14.2.0.1

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issu

7.8HIGH

CVE-2018-12239

>= 11.0 and < 12.1.7454.7000

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Busin

6.8MEDIUM

CVE-2018-12238

>= 11.0 and < 12.1.7454.7000

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Busin

7.8HIGH

CVE-2018-5237

<= 14.0

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, wh

8.8HIGH

CVE-2018-5236

<= 14.0

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This ty

5.3MEDIUM

CVE-2016-9094

<= 14.0

Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quara

7.8HIGH

CVE-2016-9093

<= 12.1.6

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitiz

7.0HIGH

CVE-2018-9233

all versions

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\

7.8HIGH

CVE-2018-4863

all versions

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MA

5.5MEDIUM

CVE-2017-6331

< 14.0

Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of at

7.1HIGH

CVE-2017-13681

< 12.1

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a ty

7.8HIGH

CVE-2017-13680

< 12.1

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker

5.5MEDIUM

CVE-2017-8558

all versions

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Wind

7.8HIGH

CVE-2017-8540

all versions

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2

7.8HIGH

CVE-2017-8537

all versions

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2

5.5MEDIUM

CVE-2017-8536

all versions

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2

5.5MEDIUM

CVE-2017-8535

all versions

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2

5.5MEDIUM

CVE-2016-5310

<= 12.1.6

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec E

5.5MEDIUM

CVE-2016-5309

<= 12.1.6

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec E

5.5MEDIUM

CVE-2016-4025

<= 8.0.1609

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoi

5.5MEDIUM

CVE-2016-3646

all versions

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th

8.4HIGH

CVE-2016-3645

all versions

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da

9.8CRITICAL

CVE-2016-3644

all versions

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th

8.4HIGH

CVE-2016-2211

all versions

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th

7.8HIGH

CVE-2016-2210

all versions

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Cent

7.3HIGH

CVE-2016-2209

all versions

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Cente

7.3HIGH

CVE-2016-2207

all versions

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th

8.4HIGH

CVE-2015-8113

<= 12.1

Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local user

CVE-2014-9229

<= 12.1.5

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) bef

CVE-2014-9228

<= 12.1.5

sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of

CVE-2014-9227

<= 12.1.5

Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow

CVE-2014-3434

all versions

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small

CVE-2013-5011

<= 11.0.7.3

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x befor

CVE-2013-5010

<= 11.0.7.3

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x b

CVE-2013-5009

<= 11.0.7.3

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protecti

CVE-2012-4348

all versions

The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protec

CVE-2012-4953

all versions

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symant

CVE-2012-1821

all versions

The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on

CVE-2012-0295

all versions

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attacke

CVE-2012-0294

all versions

Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 befo

CVE-2012-0289

all versions

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.

CVE-2012-1462

all versions

The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00

CVE-2012-1461

all versions

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-

CVE-2012-1459

all versions

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Ant

CVE-2012-1457

all versions

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-V

CVE-2012-1456

all versions

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malw

CVE-2012-1446

all versions

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.10

CVE-2012-1443

all versions

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVE

CVE-2012-1425

all versions

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-M

CVE-2012-1421

all versions

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine

CVE-2011-0551

all versions

Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Prote

CVE-2011-0550

all versions

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint P

CVE-2010-3268

all versions

The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler se

CVE-2010-0114

all versions

fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6

CVE-2010-0108

all versions

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x

CVE-2010-0106

all versions

The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x b

CVE-2009-1432

all versions

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Sy

CVE-2009-1431

<= 11.0

XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System

CVE-2009-1430

<= 11.0

Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2

CVE-2009-1429

<= 11.0

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); S

CVE-2009-1428

all versions

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV