Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pandasecurity vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12042
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products prior to 18.07.03 allow malicious users to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, w...
Pandasecurity Panda Antivirus
Pandasecurity Panda Dome
Pandasecurity Panda Gold Protection
Pandasecurity Panda Internet Security
Pandasecurity Panda Antivirus Pro
Pandasecurity Panda Global Protection
1 Github repository
NA
CVE-2009-4215
Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.
Pandasecurity Panda Internet Security 2010
Pandasecurity Panda Antivirus 2010
Pandasecurity Panda Global Protection 2010
NA
CVE-2014-3450
Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and previous versions, Internet Security 2014 19.01.01 and previous versions, and AV Pro 2014 13.01.01 and previous versions allows local users to gain privileges via unspecified vectors.
Pandasecurity Panda Internet Security 2014 19.01.01
Pandasecurity Panda Av Pro 2014 13.01.01
Pandasecurity Panda Gold Protection 7.01.01
Pandasecurity Panda Global Protection 2014 7.01.01
NA
CVE-2014-5307
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
Pandasecurity Panda Av Pro 2014 13.01.01
Pandasecurity Panda Global Protection 2014 7.01.01
Pandasecurity Panda Internet Security 2014 19.01.01
7.8
CVSSv3
CVE-2021-26750
DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows malicious user to escalate privileges via maliciously crafted DLL file.
Pandasecurity Panda Adaptive Defense 360
Pandasecurity Panda Devices Agent
NA
CVE-2008-5536
Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote malicious users to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt ex...
Pandasecurity Panda Antivirus 9.0.0.4
NA
CVE-2010-5172
Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memor...
Pandasecurity Panda Internet Security 2010 15.01.00
7.5
CVSSv3
CVE-2017-17683
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
Pandasecurity Panda Global Protection 17.0.1
7.8
CVSSv3
CVE-2018-6321
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
Pandasecurity Panda Global Protection 17.0.1
7.8
CVSSv3
CVE-2018-6322
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.
Pandasecurity Panda Global Protection 17.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »