Vulnerabilities > Drweb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-24 | CVE-2021-28130 | Uncontrolled Search Path Element vulnerability in Drweb Security Space 12.5.2.4160 Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. | 4.4 |
2021-03-08 | CVE-2020-23967 | Improper Verification of Cryptographic Signature vulnerability in Drweb Security Space 11.0/12.0 Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | 7.2 |
2012-03-21 | CVE-2012-1454 | Permissions, Privileges, and Access Controls vulnerability in multiple products The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. | 4.3 |
2012-03-21 | CVE-2012-1453 | Permissions, Privileges, and Access Controls vulnerability in multiple products The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. | 4.3 |
2012-03-21 | CVE-2012-1447 | Permissions, Privileges, and Access Controls vulnerability in multiple products The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. | 4.3 |
2008-12-12 | CVE-2008-5526 | Improper Input Validation vulnerability in Drweb Anti-Virus 4.44.0.09170 DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |