Vulnerabilities > Pandasecurity
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-23 | CVE-2021-26750 | Uncontrolled Search Path Element vulnerability in Pandasecurity Panda Adaptive Defense 360 and Panda Devices Agent DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. | 4.4 |
2019-05-23 | CVE-2019-12042 | Incorrect Permission Assignment for Critical Resource vulnerability in Pandasecurity products Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. | 10.0 |
2018-03-12 | CVE-2018-6322 | Unspecified vulnerability in Pandasecurity Panda Global Protection 17.0.1 Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group. | 4.6 |
2018-03-12 | CVE-2018-6321 | Unquoted Search Path or Element vulnerability in Pandasecurity Panda Global Protection 17.0.1 Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. | 4.6 |
2017-12-14 | CVE-2017-17684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1 Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. | 7.8 |
2017-12-14 | CVE-2017-17683 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pandasecurity Panda Global Protection 17.0.1 Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | 7.8 |
2014-08-26 | CVE-2014-5307 | Buffer Errors vulnerability in Pandasecurity products Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call. | 7.2 |
2014-05-23 | CVE-2014-3450 | Local Privilege Escalation Vulnerabilitiy in Panda Security Multiple Products Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors. | 7.2 |
2012-08-25 | CVE-2010-5172 | Race Condition vulnerability in Pandasecurity Panda Internet Security 2010 15.01.00 ** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. | 6.2 |
2012-03-21 | CVE-2012-1463 | Permissions, Privileges, and Access Controls vulnerability in multiple products The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. | 4.3 |