Vulnerabilities > Pandasecurity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2019-12042 | Incorrect Permission Assignment FOR Critical Resource vulnerability in Pandasecurity products Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. | 10.0 |
| 2018-03-12 | CVE-2018-6322 | Unspecified vulnerability in Pandasecurity Panda Global Protection 17.0.1 Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group. | 4.6 |
| 2018-03-12 | CVE-2018-6321 | Unquoted Search Path OR Element vulnerability in Pandasecurity Panda Global Protection 17.0.1 Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. | 4.6 |
| 2017-12-14 | CVE-2017-17684 | Buffer Errors vulnerability in Pandasecurity Panda Global Protection 17.0.1 Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. | 7.8 |
| 2017-12-14 | CVE-2017-17683 | Buffer Errors vulnerability in Pandasecurity Panda Global Protection 17.0.1 Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | 7.8 |
| 2017-05-05 | CVE-2017-8060 | Improper Certificate Validation vulnerability in Pandasecurity Panda Mobile Security 1.1 Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 4.3 |
| 2017-04-30 | CVE-2017-8339 | Buffer Errors vulnerability in Pandasecurity Panda Free Antivirus 18.0 PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | 4.9 |
| 2016-04-18 | CVE-2016-3943 | 7PK - Security Features vulnerability in Pandasecurity Panda Endpoint Administration Agent Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | 7.2 |
| 2016-04-18 | CVE-2015-7378 | 7PK - Security Features vulnerability in Pandasecurity Panda Security URL Filtering Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | 7.2 |
| 2014-08-26 | CVE-2014-5307 | Buffer Errors vulnerability in Pandasecurity products Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call. | 7.2 |