聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2017-15534 | The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access. | 6.7 | 0.42% | 2018-03-26 | 2026-06-16 |
| CVE-2014-9228 | sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. | 4.9 | 0.43% | 2015-09-20 | 2026-06-16 |
| CVE-2020-5821 | Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. | 7.8 | 0.43% | 2020-02-11 | 2026-06-16 |
| CVE-2017-13681 | Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. | 7.8 | 0.43% | 2017-11-06 | 2026-06-16 |
| CVE-2016-9100 | Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. | 7.8 | 0.43% | 2017-05-11 | 2026-06-16 |
| CVE-2025-10847 | DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system. | 8.4 | 0.43% | 2025-10-01 | 2026-06-17 |
| CVE-2017-13674 | Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | 7.8 | 0.44% | 2017-09-01 | 2026-06-16 |
| CVE-2014-9227 | Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 4.4 | 0.44% | 2015-09-20 | 2026-06-16 |
| CVE-2015-1484 | Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | 6.9 | 0.45% | 2015-04-22 | 2026-06-16 |
| CVE-2016-6587 | An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information. | 5.5 | 0.46% | 2020-01-08 | 2026-06-16 |
| CVE-2015-8113 | Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. | 7.2 | 0.47% | 2015-11-11 | 2026-06-16 |
| CVE-2023-23955 | Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. | 8.1 | 0.47% | 2023-05-31 | 2026-06-17 |
| CVE-2013-5011 | Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. | 7.2 | 0.47% | 2014-01-10 | 2026-06-16 |
| CVE-2024-36455 | An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | 9.4 | 0.47% | 2024-07-15 | 2026-06-17 |
| CVE-2023-23951 | Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | 6.1 | 0.48% | 2023-01-26 | 2026-06-17 |
| CVE-2019-9699 | Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 4.5 | 0.48% | 2019-10-24 | 2026-06-16 |
| CVE-2019-12759 | Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 | 0.48% | 2019-11-15 | 2026-06-16 |
| CVE-2023-23950 | User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | 6.1 | 0.50% | 2023-01-26 | 2026-06-17 |
| CVE-2023-23958 | Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 6.8 | 0.52% | 2023-09-27 | 2026-06-17 |
| CVE-2018-12239 | Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern | 6.8 | 0.52% | 2018-11-29 | 2026-06-16 |