Vulnerabilities > Pandasecurity

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-26750 Uncontrolled Search Path Element vulnerability in Pandasecurity Panda Adaptive Defense 360 and Panda Devices Agent
DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U.
4.4
2019-05-23 CVE-2019-12042 Incorrect Permission Assignment for Critical Resource vulnerability in Pandasecurity products
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued.
network
low complexity
pandasecurity CWE-732
critical
10.0
2018-03-12 CVE-2018-6322 Unspecified vulnerability in Pandasecurity Panda Global Protection 17.0.1
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.
local
low complexity
pandasecurity
4.6
2018-03-12 CVE-2018-6321 Unquoted Search Path or Element vulnerability in Pandasecurity Panda Global Protection 17.0.1
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
local
low complexity
pandasecurity CWE-428
4.6
2017-12-14 CVE-2017-17684 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.
network
low complexity
pandasecurity CWE-119
7.8
2017-12-14 CVE-2017-17683 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
network
low complexity
pandasecurity CWE-119
7.8
2014-08-26 CVE-2014-5307 Buffer Errors vulnerability in Pandasecurity products
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
local
low complexity
pandasecurity CWE-119
7.2
2014-05-23 CVE-2014-3450 Local Privilege Escalation Vulnerabilitiy in Panda Security Multiple Products
Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.
local
low complexity
pandasecurity
7.2
2012-08-25 CVE-2010-5172 Race Condition vulnerability in Pandasecurity Panda Internet Security 2010 15.01.00
** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.
local
high complexity
pandasecurity microsoft CWE-362
6.2
2012-03-21 CVE-2012-1463 Permissions, Privileges, and Access Controls vulnerability in multiple products
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field.
4.3