Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Webroot Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-4015 1 Webroot 1 Brightcloud 2022-06-07 6.8 MEDIUM 8.1 HIGH
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability.
CVE-2021-40424 1 Webroot 1 Secureanywhere 2022-04-22 4.9 MEDIUM 6.5 MEDIUM
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.
CVE-2021-40425 1 Webroot 1 Secureanywhere 2022-04-21 4.9 MEDIUM 6.5 MEDIUM
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.
CVE-2018-4012 1 Webroot 1 Brightcloud 2022-04-19 9.3 HIGH 8.1 HIGH
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.
CVE-2018-16962 2 Apple, Webroot 2 Macos, Secureanywhere 2021-09-08 7.2 HIGH 7.8 HIGH
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.
CVE-2020-5755 1 Webroot 1 Endpoint Agents 2021-07-21 6.9 MEDIUM 7.8 HIGH
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.
CVE-2020-5754 1 Webroot 1 Endpoint Agents 2020-06-22 6.4 MEDIUM 9.1 CRITICAL
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.
CVE-2014-5741 1 Webroot 1 Security - Complete 2014-09-15 5.4 MEDIUM N/A
The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5740 1 Webroot 1 Security - Free 2014-09-15 5.4 MEDIUM N/A
The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2010-5183 2 Microsoft, Webroot 2 Windows Xp, Internet Security Essentials 2012-09-04 6.2 MEDIUM N/A
** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.