
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

• http://www.kb.cert.org/vuls/id/231113
• http://www.kb.cert.org/vuls/id/582497
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

• http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
• http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
• http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk
• http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
• http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
• http://www.f-secure.com/weblog/archives/00001949.html
• http://www.osvdb.org/67660
• http://www.securit
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 6.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name.

• http://www.osvdb.org/27538
• http://www.securityfocus.com/archive/1/437814/100/200/threaded
• http://www.sentinel.gr/advisories/SGA-0001.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27272

CVSS: 6.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.

• http://www.osvdb.org/27536
• http://www.securityfocus.com/archive/1/437814/100/200/threaded
• http://www.sentinel.gr/advisories/SGA-0001.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27266

CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.

• http://www.osvdb.org/27535
• http://www.securityfocus.com/archive/1/437814/100/200/threaded
• http://www.sentinel.gr/advisories/SGA-0001.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27264