cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-5835,https://securityvulnerability.io/vulnerability/CVE-2020-5835,Race Condition Vulnerability in Symantec Endpoint Protection Manager,"A race condition exists in the client remote deployment feature of Symantec Endpoint Protection Manager, which allows unauthorized users to execute arbitrary code with elevated privileges on affected remote systems. This vulnerability may be exploited by an attacker to gain increased access rights, potentially compromising sensitive data and operations within the managed environment.",Symantec,Symantec Endpoint Protection Manager,7,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:22:58.000Z,0
CVE-2020-5834,https://securityvulnerability.io/vulnerability/CVE-2020-5834,Directory Traversal Vulnerability in Symantec Endpoint Protection Manager,"A directory traversal vulnerability exists in Symantec Endpoint Protection Manager, allowing remote actors to exploit this weakness. By manipulating directory paths, an attacker could potentially gain knowledge about file sizes within the directory structure, leading to unauthorized access to sensitive information. This issue specifically affects versions prior to 14.3, emphasizing the need for users to ensure their systems are up-to-date to mitigate risks associated with this exposure.",Symantec,Symantec Endpoint Protection Manager,5.3,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2020-05-11T19:19:56.000Z,0
CVE-2020-5833,https://securityvulnerability.io/vulnerability/CVE-2020-5833,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"Symantec Endpoint Protection Manager, versions prior to 14.3, has a vulnerability that allows potentially malicious entities to read memory locations that are outside the allocated memory space of the application. This could lead to unauthorized access to sensitive information, posing a significant risk to security and privacy.",Symantec,Symantec Endpoint Protection Manager,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-05-11T19:19:45.000Z,0
CVE-2020-5831,https://securityvulnerability.io/vulnerability/CVE-2020-5831,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"The Symantec Endpoint Protection Manager (SEPM) versions before 14.2 RU2 MP1 are affected by an out of bounds vulnerability. This flaw allows the application to read memory outside the allocated boundaries, potentially exposing sensitive data or leading to unintended application behavior. Organizations using affected versions are advised to upgrade to mitigate the risks associated with this vulnerability.",Symantec,Symantec Endpoint Protection Manager (sepm),3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:12:59.000Z,0
CVE-2020-5830,https://securityvulnerability.io/vulnerability/CVE-2020-5830,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"The vulnerability in Symantec Endpoint Protection Manager (SEPM), present in versions prior to 14.2 RU2 MP1, allows the application to read memory locations that are outside the allocated bounds. This can potentially lead to security issues where attackers might exploit this flaw to gain unauthorized access to sensitive information or disrupt normal application functionalities.",Symantec,Symantec Endpoint Protection Manager (sepm),3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:12:50.000Z,0
CVE-2020-5829,https://securityvulnerability.io/vulnerability/CVE-2020-5829,Out of Bounds Memory Vulnerability in Symantec Endpoint Protection Manager,The vulnerability allows unauthorized access to memory that falls outside the allocated bounds for the Symantec Endpoint Protection Manager. This issue may lead to potential information disclosure and could enable attackers to exploit system weaknesses if left unpatched. Proper updates and security measures should be employed to mitigate the risks associated with this vulnerability as outlined by the vendor.,Symantec,Symantec Endpoint Protection Manager (sepm),3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:11:31.000Z,0
CVE-2020-5828,https://securityvulnerability.io/vulnerability/CVE-2020-5828,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"An out of bounds vulnerability exists in Symantec Endpoint Protection Manager prior to version 14.2 RU2 MP1. This issue allows the application to access memory locations outside the allocated bounds, potentially leading to unauthorized data exposure or application instability. It poses risks to users by potentially enabling an attacker to manipulate the memory context, thereby affecting the system's integrity.",Symantec,Symantec Endpoint Protection Manager (sepm),3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:11:18.000Z,0
CVE-2020-5827,https://securityvulnerability.io/vulnerability/CVE-2020-5827,Out of Bounds Vulnerability in Symantec Endpoint Protection Manager,"An out of bounds vulnerability has been identified in Symantec Endpoint Protection Manager (SEPM), allowing unauthorized access to memory not allocated to the application. This could lead to vulnerabilities in data protection measures, potentially exposing sensitive information. Systems running versions prior to 14.2 RU2 MP1 are particularly at risk, making timely updates essential for maintaining security and protecting against potential exploitation.",Symantec,Symantec Endpoint Protection Manager (sepm),3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-02-11T17:09:19.000Z,0
CVE-2019-12759,https://securityvulnerability.io/vulnerability/CVE-2019-12759,Privilege Escalation Vulnerability in Symantec Endpoint Protection Manager and Mail Security for MS Exchange,"Symantec Endpoint Protection Manager and Symantec Mail Security for MS Exchange exhibit a vulnerability that allows attackers to exploit weaknesses in the software. If successful, an attacker could gain unauthorized elevated access to sensitive resources, potentially compromising critical data and operational integrity. Users of these products are advised to update to the latest versions to mitigate the risk.",Symantec,"Symantec Endpoint Protection Manager (sepm), Symantec Mail Security For Ms Exchange (smsmse)",7.8,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2019-11-15T17:41:24.000Z,0
CVE-2018-18368,https://securityvulnerability.io/vulnerability/CVE-2018-18368,Privilege Escalation Vulnerability in Symantec Endpoint Protection Manager,"The Symantec Endpoint Protection Manager (SEPM) software, prior to version 14.2 RU1, has been identified as being susceptible to a privilege escalation flaw. This vulnerability may allow an attacker to exploit the application, leading to unauthorized access to privileged resources that are typically restricted from application or user access. This can pose significant risks to system integrity and data security.",Symantec,Symantec Endpoint Protection Manager (sepm),7.8,HIGH,0.00044999999227002263,false,,false,false,true,2019-07-27T10:22:19.000Z,true,false,false,,2019-11-15T16:58:10.000Z,0
CVE-2018-18367,https://securityvulnerability.io/vulnerability/CVE-2018-18367,DLL Preloading Vulnerability in Symantec Endpoint Protection Manager,"The Symantec Endpoint Protection Manager (SEPM) prior to and including version 12.1 RU6 MP9 and version 14.2 RU1 is prone to a DLL Preloading vulnerability. This occurs when an application attempts to load a Dynamic Link Library (DLL) file and fails to validate its origin, allowing an attacker to exploit this weakness by providing a malicious DLL. Successfully executing this attack could lead to unauthorized actions within the system, putting sensitive data at risk.",Symantec Corporation,Symantec Endpoint Protection Manager,7.8,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2019-04-25T19:22:17.000Z,0
CVE-2016-5307,https://securityvulnerability.io/vulnerability/CVE-2016-5307,,Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.,Symantec,Endpoint Protection Manager,4.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2015-8801,https://securityvulnerability.io/vulnerability/CVE-2015-8801,,Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.,Symantec,Endpoint Protection Manager,2.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3651,https://securityvulnerability.io/vulnerability/CVE-2016-3651,,Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.,Symantec,Endpoint Protection Manager,8,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3647,https://securityvulnerability.io/vulnerability/CVE-2016-3647,,"Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.",Symantec,Endpoint Protection Manager,7.7,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3648,https://securityvulnerability.io/vulnerability/CVE-2016-3648,,"Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window.",Symantec,Endpoint Protection Manager,8.8,HIGH,0.0020000000949949026,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3649,https://securityvulnerability.io/vulnerability/CVE-2016-3649,,Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.,Symantec,Endpoint Protection Manager,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3650,https://securityvulnerability.io/vulnerability/CVE-2016-3650,,Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.,Symantec,Endpoint Protection Manager,8.8,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3653,https://securityvulnerability.io/vulnerability/CVE-2016-3653,,Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.,Symantec,Endpoint Protection Manager,8,HIGH,0.0036800000816583633,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-3652,https://securityvulnerability.io/vulnerability/CVE-2016-3652,,Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Symantec,Endpoint Protection Manager,5.4,MEDIUM,0.7577599883079529,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-5304,https://securityvulnerability.io/vulnerability/CVE-2016-5304,,Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,Symantec,Endpoint Protection Manager,6.8,MEDIUM,0.008449999615550041,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-5305,https://securityvulnerability.io/vulnerability/CVE-2016-5305,,"Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a ""DOM link manipulation"" attack.",Symantec,Endpoint Protection Manager,5.4,MEDIUM,0.0021800000686198473,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2016-5306,https://securityvulnerability.io/vulnerability/CVE-2016-5306,,"Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.",Symantec,Endpoint Protection Manager,5.3,MEDIUM,0.0011699999449774623,false,,false,false,false,,,false,false,,2016-06-30T23:59:00.000Z,0
CVE-2015-8152,https://securityvulnerability.io/vulnerability/CVE-2015-8152,,Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.,Symantec,Endpoint Protection Manager,8,HIGH,0.0012199999764561653,false,,false,false,false,,,false,false,,2016-03-18T14:00:00.000Z,0
CVE-2015-8153,https://securityvulnerability.io/vulnerability/CVE-2015-8153,,SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,Symantec,Endpoint Protection Manager,8.8,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2016-03-18T14:00:00.000Z,0