Search criteria
21 vulnerabilities found for 360_total_security by 360totalsecurity
FKIE_CVE-2024-22014
Vulnerability from fkie_nvd - Published: 2024-04-15 18:15 - Updated: 2025-06-30 14:26
Severity ?
Summary
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/mansk1es/CVE_360TS | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mansk1es/CVE_360TS | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD85DD1-AD75-466E-ACC3-D30DC6EFD031",
"versionEndIncluding": "11.0.0.1061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete."
},
{
"lang": "es",
"value": "Un problema descubierto en 360 Total Security Antivirus hasta la versi\u00f3n 11.0.0.1061 para Windows permite a los atacantes obtener privilegios aumentados a trav\u00e9s de Symbolic Link Follow hasta la eliminaci\u00f3n arbitraria de archivos."
}
],
"id": "CVE-2024-22014",
"lastModified": "2025-06-30T14:26:28.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-15T18:15:10.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mansk1es/CVE_360TS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mansk1es/CVE_360TS"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-33973
Vulnerability from fkie_nvd - Published: 2023-04-19 21:15 - Updated: 2025-02-05 16:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://pastebin.com/fsLDebg5 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/ | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/fsLDebg5 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/ | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | 10.8.0.1213 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:10.8.0.1213:*:*:*:*:*:*:*",
"matchCriteriaId": "3189D308-F320-4EDB-AB53-E4252E0557FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges."
}
],
"id": "CVE-2021-33973",
"lastModified": "2025-02-05T16:15:29.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-19T21:15:06.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pastebin.com/fsLDebg5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pastebin.com/fsLDebg5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-15724
Vulnerability from fkie_nvd - Published: 2020-07-21 18:15 - Updated: 2024-11-21 05:06
Severity ?
Summary
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
References
| URL | Tags | ||
|---|---|---|---|
| security@360.cn | https://security.360.cn/News/news/id/232 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.360.cn/News/news/id/232 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2F3CC1-51C6-49A6-B069-9289287EA7AC",
"versionEndIncluding": "12.1.0.1005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
},
{
"lang": "es",
"value": "En 360 ??Total Security versi\u00f3n 12.1.0.1005 y por debajo, cuando Gamefolde llama al archivo GameChrome.exe, se presenta una vulnerabilidad de escalada de privilegios local. Un atacante que podr\u00eda explotar el secuestro de DLL para omitir los HIPS, podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema Local"
}
],
"id": "CVE-2020-15724",
"lastModified": "2024-11-21T05:06:06.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-21T18:15:20.193",
"references": [
{
"source": "security@360.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://security.360.cn/News/news/id/232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"sourceIdentifier": "security@360.cn",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-15722
Vulnerability from fkie_nvd - Published: 2020-07-21 18:15 - Updated: 2024-11-21 05:06
Severity ?
Summary
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
References
| URL | Tags | ||
|---|---|---|---|
| security@360.cn | https://security.360.cn/News/news/id/232 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.360.cn/News/news/id/232 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D275F40A-818B-4D1A-955A-7A9CBB49CDA0",
"versionEndIncluding": "12.1.0.1004",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
},
{
"lang": "es",
"value": "En 360 ??Total Security versi\u00f3n 12.1.0.1004 y por debajo, cuando TPI llama al proceso del navegador, se presenta una vulnerabilidad de escalada de privilegios local. Un atacante que podr\u00eda explotar el secuestro de DLL podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema local"
}
],
"id": "CVE-2020-15722",
"lastModified": "2024-11-21T05:06:06.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-21T18:15:20.007",
"references": [
{
"source": "security@360.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://security.360.cn/News/news/id/232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"sourceIdentifier": "security@360.cn",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-15723
Vulnerability from fkie_nvd - Published: 2020-07-21 18:15 - Updated: 2024-11-21 05:06
Severity ?
Summary
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
References
| URL | Tags | ||
|---|---|---|---|
| security@360.cn | https://security.360.cn/News/news/id/232 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.360.cn/News/news/id/232 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D275F40A-818B-4D1A-955A-7A9CBB49CDA0",
"versionEndIncluding": "12.1.0.1004",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
},
{
"lang": "es",
"value": "En 360 ??Total Security versi\u00f3n 12.1.0.1004 y por debajo, cuando el proceso principal de 360 ??Total Security llama al archivo GameChrome.exe, se presenta una vulnerabilidad de escalada de privilegios local. Un atacante que podr\u00eda explotar el secuestro de DLL para omitir los HIPS podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema local"
}
],
"id": "CVE-2020-15723",
"lastModified": "2024-11-21T05:06:06.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-21T18:15:20.067",
"references": [
{
"source": "security@360.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://security.360.cn/News/news/id/232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"sourceIdentifier": "security@360.cn",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18603
Vulnerability from fkie_nvd - Published: 2018-10-23 16:29 - Updated: 2024-11-21 03:56
Severity ?
Summary
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/ | Third Party Advisory | |
| nvd@nist.gov | https://exchange.xforce.ibmcloud.com/vulnerabilities/151867 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | 3.5.0.1033 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:3.5.0.1033:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1D5907-E59C-46F7-9181-14B800419423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue"
},
{
"lang": "es",
"value": "** EN DISPUTA ** 360 Total Security 3.5.0.1033 permite el escape del sandbox mediante una instrucci\u00f3n \"import os\", seguida por os.system (\"CMD\") u os.system(\"PowerShell\"), en un archivo .py. NOTA: la posici\u00f3n del fabricante fabricante es que esto no puede ser categorizado como una vulnerabilidad, aunque es un tema relacionado con la seguridad."
}
],
"id": "CVE-2018-18603",
"lastModified": "2024-11-21T03:56:13.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-23T16:29:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-12653
Vulnerability from fkie_nvd - Published: 2017-08-07 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3314#more-3314 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3314#more-3314 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | 360_total_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A4E868-F621-4AD0-9285-A65DAD060F89",
"versionEndIncluding": "9.0.0.1202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
},
{
"lang": "es",
"value": "360 Total Security 9.0.0.1202 en versiones anteriores a la 2017-07-07 permite escalar privilegios empleando un archivo troyano Shcore.dll en cualquier directorio de la ruta, tal u como se demostr\u00f3 en el directorio C:\\Python27."
}
],
"id": "CVE-2017-12653",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T18:29:00.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-22014 (GCVE-0-2024-22014)
Vulnerability from cvelistv5 – Published: 2024-04-15 00:00 – Updated: 2025-03-13 19:54
VLAI?
Summary
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mansk1es/CVE_360TS"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:360totalsecurity:antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "antivirus",
"vendor": "360totalsecurity",
"versions": [
{
"lessThanOrEqual": "11.0.0.1061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T20:23:00.922325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:54:44.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T17:53:43.891Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mansk1es/CVE_360TS"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22014",
"datePublished": "2024-04-15T00:00:00.000Z",
"dateReserved": "2024-01-03T00:00:00.000Z",
"dateUpdated": "2025-03-13T19:54:44.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33973 (GCVE-0-2021-33973)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-02-05 16:07
VLAI?
Summary
Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/fsLDebg5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-33973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T16:06:16.163007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T16:07:17.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"url": "https://pastebin.com/fsLDebg5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33973",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-05T16:07:17.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15724 (GCVE-0-2020-15724)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:36 – Updated: 2024-08-04 13:22
VLAI?
Summary
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity ?
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1005
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1005"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:36:16",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1005"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15724",
"datePublished": "2020-07-21T17:36:16",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15722 (GCVE-0-2020-15722)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:10 – Updated: 2024-08-04 13:22
VLAI?
Summary
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
Severity ?
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:10:21",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15722",
"datePublished": "2020-07-21T17:10:21",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15723 (GCVE-0-2020-15723)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:04 – Updated: 2024-08-04 13:22
VLAI?
Summary
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity ?
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:04:50",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15723",
"datePublished": "2020-07-21T17:04:50",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18603 (GCVE-0-2018-18603)
Vulnerability from cvelistv5 – Published: 2018-10-23 16:00 – Updated: 2024-08-05 11:15 Disputed
VLAI?
Summary
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/",
"refsource": "MISC",
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18603",
"datePublished": "2018-10-23T16:00:00",
"dateReserved": "2018-10-23T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12653 (GCVE-0-2017-12653)
Vulnerability from cvelistv5 – Published: 2017-08-07 18:00 – Updated: 2024-09-16 16:53
VLAI?
Summary
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3314#more-3314",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12653",
"datePublished": "2017-08-07T18:00:00Z",
"dateReserved": "2017-08-07T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:47.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22014 (GCVE-0-2024-22014)
Vulnerability from nvd – Published: 2024-04-15 00:00 – Updated: 2025-03-13 19:54
VLAI?
Summary
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mansk1es/CVE_360TS"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:360totalsecurity:antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "antivirus",
"vendor": "360totalsecurity",
"versions": [
{
"lessThanOrEqual": "11.0.0.1061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T20:23:00.922325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:54:44.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T17:53:43.891Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mansk1es/CVE_360TS"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22014",
"datePublished": "2024-04-15T00:00:00.000Z",
"dateReserved": "2024-01-03T00:00:00.000Z",
"dateUpdated": "2025-03-13T19:54:44.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33973 (GCVE-0-2021-33973)
Vulnerability from nvd – Published: 2023-04-19 00:00 – Updated: 2025-02-05 16:07
VLAI?
Summary
Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/fsLDebg5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-33973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T16:06:16.163007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T16:07:17.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"url": "https://pastebin.com/fsLDebg5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33973",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-05T16:07:17.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15724 (GCVE-0-2020-15724)
Vulnerability from nvd – Published: 2020-07-21 17:36 – Updated: 2024-08-04 13:22
VLAI?
Summary
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity ?
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1005
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1005"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:36:16",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1005"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15724",
"datePublished": "2020-07-21T17:36:16",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15722 (GCVE-0-2020-15722)
Vulnerability from nvd – Published: 2020-07-21 17:10 – Updated: 2024-08-04 13:22
VLAI?
Summary
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
Severity ?
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:10:21",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15722",
"datePublished": "2020-07-21T17:10:21",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15723 (GCVE-0-2020-15723)
Vulnerability from nvd – Published: 2020-07-21 17:04 – Updated: 2024-08-04 13:22
VLAI?
Summary
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity ?
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:04:50",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15723",
"datePublished": "2020-07-21T17:04:50",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18603 (GCVE-0-2018-18603)
Vulnerability from nvd – Published: 2018-10-23 16:00 – Updated: 2024-08-05 11:15 Disputed
VLAI?
Summary
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/",
"refsource": "MISC",
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18603",
"datePublished": "2018-10-23T16:00:00",
"dateReserved": "2018-10-23T00:00:00",
"dateUpdated": "2024-08-05T11:15:59.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12653 (GCVE-0-2017-12653)
Vulnerability from nvd – Published: 2017-08-07 18:00 – Updated: 2024-09-16 16:53
VLAI?
Summary
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3314#more-3314",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12653",
"datePublished": "2017-08-07T18:00:00Z",
"dateReserved": "2017-08-07T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:47.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}