Vulnerabilities > Pandasecurity

DATE CVE VULNERABILITY TITLE RISK
2019-05-23 CVE-2019-12042 Incorrect Permission Assignment FOR Critical Resource vulnerability in Pandasecurity products
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued.
network
low complexity
pandasecurity CWE-732
critical
10.0
2018-03-12 CVE-2018-6322 Unspecified vulnerability in Pandasecurity Panda Global Protection 17.0.1
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.
local
low complexity
pandasecurity
4.6
2018-03-12 CVE-2018-6321 Unquoted Search Path OR Element vulnerability in Pandasecurity Panda Global Protection 17.0.1
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
local
low complexity
pandasecurity CWE-428
4.6
2017-12-14 CVE-2017-17684 Buffer Errors vulnerability in Pandasecurity Panda Global Protection 17.0.1
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.
network
low complexity
pandasecurity CWE-119
7.8
2017-12-14 CVE-2017-17683 Buffer Errors vulnerability in Pandasecurity Panda Global Protection 17.0.1
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
network
low complexity
pandasecurity CWE-119
7.8
2017-05-05 CVE-2017-8060 Improper Certificate Validation vulnerability in Pandasecurity Panda Mobile Security 1.1
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
4.3
2017-04-30 CVE-2017-8339 Buffer Errors vulnerability in Pandasecurity Panda Free Antivirus 18.0
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
local
low complexity
pandasecurity CWE-119
4.9
2016-04-18 CVE-2016-3943 7PK - Security Features vulnerability in Pandasecurity Panda Endpoint Administration Agent
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
local
low complexity
pandasecurity CWE-254
7.2
2016-04-18 CVE-2015-7378 7PK - Security Features vulnerability in Pandasecurity Panda Security URL Filtering
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
local
low complexity
pandasecurity CWE-254
7.2
2014-08-26 CVE-2014-5307 Buffer Errors vulnerability in Pandasecurity products
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
local
low complexity
pandasecurity CWE-119
7.2