Vendor CVEs
Panda Project
All CVEs
37 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6322 | Hig | 0.51 | 7.8 | 0.00 | Mar 12, 2018 | Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group. | ||
| CVE-2018-6321 | Hig | 0.51 | 7.8 | 0.00 | Mar 12, 2018 | Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. | ||
| CVE-2012-1463 | 0.08 | — | 0.94 | Mar 21, 2012 | The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning… | |||
| CVE-2012-1442 | 0.08 | — | 0.99 | Mar 21, 2012 | The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK… | |||
| CVE-2012-1439 | 0.07 | — | 0.90 | Mar 21, 2012 | The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if… | |||
| CVE-2012-1432 | 0.07 | — | 0.94 | Mar 21, 2012 | The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence… | |||
| CVE-2012-1440 | 0.06 | — | 0.78 | Mar 21, 2012 | The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may… | |||
| CVE-2012-1434 | 0.05 | — | 0.60 | Mar 21, 2012 | The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a… | |||
| CVE-2008-3155 | 0.04 | — | 0.08 | Jul 11, 2008 | Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method. | |||
| CVE-2008-3156 | 0.03 | — | 0.04 | Jul 11, 2008 | The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | |||
| CVE-2008-1471 | 0.03 | — | 0.01 | Mar 24, 2008 | The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of… | |||
| CVE-2007-4191 | 0.03 | — | 0.01 | Aug 8, 2007 | Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | |||
| CVE-2006-4295 | 0.03 | — | 0.02 | Aug 23, 2006 | Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||
| CVE-2004-1904 | 0.03 | — | 0.05 | Dec 31, 2004 | Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string. | |||
| CVE-2000-0264 | 0.03 | — | 0.01 | Apr 17, 2000 | Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. | |||
| CVE-2008-5005 | 0.01 | — | 0.06 | Nov 10, 2008 | Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command… | |||
| CVE-2007-3026 | 0.01 | — | 0.09 | Jul 25, 2007 | Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | |||
| CVE-2014-3450 | 0.00 | — | 0.00 | May 23, 2014 | Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors. | |||
| CVE-2010-5172 | 0.00 | — | 0.00 | Aug 25, 2012 | Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space… | |||
| CVE-2009-3735 | 0.00 | — | 0.06 | Feb 11, 2010 | The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which… | |||
| CVE-2009-4215 | 0.00 | — | 0.00 | Dec 7, 2009 | Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs. | |||
| CVE-2008-5536 | 0.00 | — | 0.03 | Dec 12, 2008 | Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3)… | |||
| CVE-2007-3969 | 0.00 | — | 0.06 | Jul 25, 2007 | Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." | |||
| CVE-2007-1673 | 0.00 | — | 0.03 | May 9, 2007 | unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||
| CVE-2007-1670 | 0.00 | — | 0.03 | May 9, 2007 | Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||
| CVE-2006-5967 | 0.00 | — | 0.02 | Nov 17, 2006 | Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is… | |||
| CVE-2006-5966 | 0.00 | — | 0.02 | Nov 17, 2006 | Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1… | |||
| CVE-2006-4658 | 0.00 | — | 0.02 | Sep 9, 2006 | Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. | |||
| CVE-2006-4657 | 0.00 | — | 0.00 | Sep 9, 2006 | Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. | |||
| CVE-2006-4659 | 0.00 | — | 0.02 | Sep 9, 2006 | The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable… | |||
| CVE-2005-3922 | 0.00 | — | 0.06 | Nov 30, 2005 | Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive. | |||
| CVE-2005-3380 | 0.00 | — | 0.01 | Oct 30, 2005 | Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that… | |||
| CVE-2005-3230 | 0.00 | — | 0.02 | Oct 14, 2005 | Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar… | |||
| CVE-2004-1905 | 0.00 | — | 0.02 | Dec 31, 2004 | ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function. | |||
| CVE-2001-1149 | 0.00 | — | 0.01 | Aug 21, 2001 | Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. | |||
| CVE-2000-0541 | 0.00 | — | 0.01 | Jun 17, 2000 | The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. | |||
| CVE-2000-0265 | 0.00 | — | 0.00 | Apr 17, 2000 | Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet. |
- risk 0.51cvss 7.8epss 0.00
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.
- risk 0.51cvss 7.8epss 0.00
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
- CVE-2012-1463Mar 21, 2012risk 0.08cvss —epss 0.94
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning…
- CVE-2012-1442Mar 21, 2012risk 0.08cvss —epss 0.99
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK…
- CVE-2012-1439Mar 21, 2012risk 0.07cvss —epss 0.90
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if…
- CVE-2012-1432Mar 21, 2012risk 0.07cvss —epss 0.94
The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence…
- CVE-2012-1440Mar 21, 2012risk 0.06cvss —epss 0.78
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may…
- CVE-2012-1434Mar 21, 2012risk 0.05cvss —epss 0.60
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a…
- CVE-2008-3155Jul 11, 2008risk 0.04cvss —epss 0.08
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
- CVE-2008-3156Jul 11, 2008risk 0.03cvss —epss 0.04
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
- CVE-2008-1471Mar 24, 2008risk 0.03cvss —epss 0.01
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of…
- CVE-2007-4191Aug 8, 2007risk 0.03cvss —epss 0.01
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
- CVE-2006-4295Aug 23, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
- CVE-2004-1904Dec 31, 2004risk 0.03cvss —epss 0.05
Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.
- CVE-2000-0264Apr 17, 2000risk 0.03cvss —epss 0.01
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
- CVE-2008-5005Nov 10, 2008risk 0.01cvss —epss 0.06
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command…
- CVE-2007-3026Jul 25, 2007risk 0.01cvss —epss 0.09
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.
- CVE-2014-3450May 23, 2014risk 0.00cvss —epss 0.00
Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.
- CVE-2010-5172Aug 25, 2012risk 0.00cvss —epss 0.00
Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space…
- CVE-2009-3735Feb 11, 2010risk 0.00cvss —epss 0.06
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which…
- CVE-2009-4215Dec 7, 2009risk 0.00cvss —epss 0.00
Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.
- CVE-2008-5536Dec 12, 2008risk 0.00cvss —epss 0.03
Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3)…
- CVE-2007-3969Jul 25, 2007risk 0.00cvss —epss 0.06
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."
- CVE-2007-1673May 9, 2007risk 0.00cvss —epss 0.03
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
- CVE-2007-1670May 9, 2007risk 0.00cvss —epss 0.03
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
- CVE-2006-5967Nov 17, 2006risk 0.00cvss —epss 0.02
Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is…
- CVE-2006-5966Nov 17, 2006risk 0.00cvss —epss 0.02
Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1…
- CVE-2006-4658Sep 9, 2006risk 0.00cvss —epss 0.02
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.
- CVE-2006-4657Sep 9, 2006risk 0.00cvss —epss 0.00
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.
- CVE-2006-4659Sep 9, 2006risk 0.00cvss —epss 0.02
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable…
- CVE-2005-3922Nov 30, 2005risk 0.00cvss —epss 0.06
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
- CVE-2005-3380Oct 30, 2005risk 0.00cvss —epss 0.01
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that…
- CVE-2005-3230Oct 14, 2005risk 0.00cvss —epss 0.02
Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar…
- CVE-2004-1905Dec 31, 2004risk 0.00cvss —epss 0.02
ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function.
- CVE-2001-1149Aug 21, 2001risk 0.00cvss —epss 0.01
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
- CVE-2000-0541Jun 17, 2000risk 0.00cvss —epss 0.01
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
- CVE-2000-0265Apr 17, 2000risk 0.00cvss —epss 0.00
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.