Vulnerabilities > Webroot > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-29818 Unspecified vulnerability in Webroot Secureanywhere
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.
local
low complexity
webroot
5.5
2023-05-12 CVE-2023-29819 Improper Privilege Management vulnerability in Webroot Secureanywhere
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.
local
low complexity
webroot CWE-269
5.5
2023-05-12 CVE-2023-29820 Exposure of Resource to Wrong Sphere vulnerability in Webroot Secureanywhere
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer.
local
low complexity
webroot CWE-668
5.5
2022-04-14 CVE-2021-40424 Out-of-bounds Read vulnerability in Webroot Secureanywhere 21.4
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4.
local
low complexity
webroot CWE-125
4.9
2022-04-14 CVE-2021-40425 Out-of-bounds Read vulnerability in Webroot Secureanywhere 21.4
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4.
local
low complexity
webroot CWE-125
4.9
2020-06-15 CVE-2020-5755 Improper Privilege Management vulnerability in Webroot Endpoint Agents
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming.
6.9
2020-06-15 CVE-2020-5754 Type Confusion vulnerability in Webroot Endpoint Agents
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.
network
low complexity
webroot CWE-843
6.4
2018-12-18 CVE-2018-4015 Improper Certificate Validation vulnerability in Webroot Brightcloud
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK.
network
webroot CWE-295
6.8
2014-09-09 CVE-2014-5741 Cryptographic Issues vulnerability in Webroot Security - Complete 3.6.0.6610
The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4
2014-09-09 CVE-2014-5740 Cryptographic Issues vulnerability in Webroot Security - Free 3.6.0.6610
The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4