GCVE - cpe:2.3:a:pandasecurity:panda_antivirus_pro:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pandasecurity:panda_antivirus_pro:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pandasecurity (`c59d19e7-a64f-5a1b-8c98-f5333fb5fad7`)
Product	Panda Antivirus Pro (`7e7ef3b3-4929-5773-8bf9-b2c52a3c207b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-34109`	vulnerable	2026-06-08 07:19:02.208974	Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2). Published: 2025-07-15T13:04:59.958Z Updated: 2026-05-15T11:14:42.519Z Open on db.gcve.eu Reference links https://web.archive.org/web/20160704105329/http://www.pandasecurity.com/uk/support/card?id=100053 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/panda_psevents.rb https://www.exploit-db.com/exploits/40020 https://web.archive.org/web/20170415211828/http://www.security-assessment.com/files/documents/advisory/Panda%20Security%20-%20Privilege%20Escalation.pdf https://www.vulncheck.com/advisories/panda-security-psevents-insecure-dll-loading-privilege-escalation	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12042`	vulnerable	2026-06-08 05:12:38.495465	Details available Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. Published: 2019-05-23T13:30:44.000Z Updated: 2024-08-04T23:10:30.186Z Open on db.gcve.eu Reference links https://github.com/SouhailHammou/Panda-Antivirus-LPE https://www.pandasecurity.com/usa/support/card?id=100063 https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.