Filtered by vendor Webroot
Subscribe
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-4015 | 1 Webroot | 1 Brightcloud | 2022-06-07 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability. | |||||
CVE-2021-40424 | 1 Webroot | 1 Secureanywhere | 2022-04-22 | 4.9 MEDIUM | 6.5 MEDIUM |
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. | |||||
CVE-2021-40425 | 1 Webroot | 1 Secureanywhere | 2022-04-21 | 4.9 MEDIUM | 6.5 MEDIUM |
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability. | |||||
CVE-2018-4012 | 1 Webroot | 1 Brightcloud | 2022-04-19 | 9.3 HIGH | 8.1 HIGH |
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability. | |||||
CVE-2018-16962 | 2 Apple, Webroot | 2 Macos, Secureanywhere | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. | |||||
CVE-2020-5755 | 1 Webroot | 1 Endpoint Agents | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. | |||||
CVE-2020-5754 | 1 Webroot | 1 Endpoint Agents | 2020-06-22 | 6.4 MEDIUM | 9.1 CRITICAL |
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. | |||||
CVE-2014-5741 | 1 Webroot | 1 Security - Complete | 2014-09-15 | 5.4 MEDIUM | N/A |
The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5740 | 1 Webroot | 1 Security - Free | 2014-09-15 | 5.4 MEDIUM | N/A |
The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2010-5183 | 2 Microsoft, Webroot | 2 Windows Xp, Internet Security Essentials | 2012-09-04 | 6.2 MEDIUM | N/A |
** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |