CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26750
https://notcve.org/view.php?id=CVE-2021-26750
23 Sep 2021 — DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. Un secuestro de DLL en Panda Agent versiones anteriores a 1.16.11 incluyéndola, en Panda Security, S.L.U. Panda Adaptive Defense 360 versiones anteriores a 8.0.17 incluyéndola, permite a un atacante escalar privilegios por medio de un archivo DLL diseñado maliciosamente • https://hansesecure.de/2021/02/vulnerability-in-panda-security-product/?lang=en • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 2CVE-2019-12042
https://notcve.org/view.php?id=CVE-2019-12042
23 May 2019 — Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. Los permisos no seguros ... • https://github.com/SouhailHammou/Panda-Antivirus-LPE • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6321 – Panda Global Security 17.0.1 Unquoted Service Path
https://notcve.org/view.php?id=CVE-2018-6321
08 Mar 2018 — Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. Vulnerabilidad de ruta de búsqueda de Windows sin entrecomillar en el servicio panda_url_filtering en Panda Global Protection 17.0.1 permite que usuarios locales obtengan privilegios mediante un artefacto malicioso. Panda Global Security version 17.0.1 suffers from an unquoted service path vulnerability. • https://packetstorm.news/files/id/146707 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6322 – Panda Global Security 17.0.1 NULL DACL Grants Full Access
https://notcve.org/view.php?id=CVE-2018-6322
08 Mar 2018 — Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group. Panda Global Protection 17.0.1 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (DoS) suplantando todas las tuberías mediante el uso de \.\pipe\PSANMSrvcPpal, una "tubería nombrada creada de forma no segura". • https://packetstorm.news/files/id/146708 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17683
https://notcve.org/view.php?id=CVE-2017-17683
14 Dec 2017 — Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. Panda Global Protection 17.0.1 permite el cierre inesperado del sistema mediante una petición 0xb3702c44 \\.\PSMEMDriver DeviceIoControl. • https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/Panda-Antivirus/Panda_Security_Antivirus_0xb3702c44 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17684
https://notcve.org/view.php?id=CVE-2017-17684
14 Dec 2017 — Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. Panda Global Protection 17.0.1 permite el cierre inesperado del sistema mediante una petición 0xb3702c04 \\.\PSMEMDriver DeviceIoControl. • https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/Panda-Antivirus/Panda_Security_Antivirus_0xb3702c04_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5307 – Panda Security 2014 Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-5307
20 Aug 2014 — Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call. Desbordamiento de buffer basado en memoria dinámica en el controlador del modo de kernel PavTPK.sys de los productos Panda Security 2014 anterior a hft131306s24_r1 permite a usuarios locales ganar privilegios a través de un argumento manipulado en una llamada IOCTL 0x222008. Panda 2014 products suffer fro... • http://packetstormsecurity.com/files/127948/Panda-Security-2014-Privilege-Escalation.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3450 – Panda Security Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-3450
21 May 2014 — Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors. Vulnerabilidad no especificada en Panda Gold Protection y Global Protection 2014 7.01.01 y anteriores, Internet Security 2014 19.01.01 y anteriores y AV Pro 2014 13.01.01 y anteriores permite a usuarios locales ganar privilegios a través de vectores no especificados. ... • http://seclists.org/fulldisclosure/2014/May/89 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5172
https://notcve.org/view.php?id=CVE-2010-5172
25 Aug 2012 — Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has a... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 24%CPEs: 11EXPL: 0CVE-2012-1420
https://notcve.org/view.php?id=CVE-2012-1420
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may lat... • http://osvdb.org/80403 • CWE-264: Permissions, Privileges, and Access Controls •