CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34998 – Panda Security Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34998
29 Nov 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in t... • https://www.pandasecurity.com/en/support/card?id=100077 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 2CVE-2019-12042
https://notcve.org/view.php?id=CVE-2019-12042
23 May 2019 — Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. Los permisos no seguros ... • https://github.com/SouhailHammou/Panda-Antivirus-LPE • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8339
https://notcve.org/view.php?id=CVE-2017-8339
30 Apr 2017 — PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. PSKMAD.sys en Panda Free Antivirus 18.0 permite a los usuarios locales causar una denegación de servicio (BSoD) a través de una solicitud manipulada de DeviceIoControl a \\.\PSMEMDriver. • http://saptech-erp.com.au/resources/panda_bsod.zip • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 24%CPEs: 11EXPL: 0CVE-2012-1420
https://notcve.org/view.php?id=CVE-2012-1420
21 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may lat... • http://osvdb.org/80403 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 7%CPEs: 4EXPL: 0CVE-2012-1432
https://notcve.org/view.php?id=CVE-2012-1432
21 Mar 2012 — The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. El analizador sintáctico Microsoft ... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 5EXPL: 0CVE-2012-1433
https://notcve.org/view.php?id=CVE-2012-1433
21 Mar 2012 — The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 0CVE-2012-1434
https://notcve.org/view.php?id=CVE-2012-1434
21 Mar 2012 — The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. El analizador ... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 5EXPL: 0CVE-2012-1435
https://notcve.org/view.php?id=CVE-2012-1435
21 Mar 2012 — The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implement... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2012-1436
https://notcve.org/view.php?id=CVE-2012-1436
21 Mar 2012 — The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. E... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1439
https://notcve.org/view.php?id=CVE-2012-1439
21 Mar 2012 — The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. El analizador de archivos ELF en eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, y... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •