CVE-2023-2847 – Local privilege escalation in ESET products for Linux and MacOS
https://notcve.org/view.php?id=CVE-2023-2847
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. • https://support.eset.com/en/ca8447 • CWE-269: Improper Privilege Management •
CVE-2021-37850 – Denial of service in ESET for Mac products
https://notcve.org/view.php?id=CVE-2021-37850
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. ESET se dio cuenta de una vulnerabilidad en sus productos de consumo y empresariales para macOS que permite a un usuario conectado al sistema detener el demonio de ESET, deshabilitando efectivamente la protección del producto de seguridad de ESET hasta un reinicio del sistema • https://support.eset.com/en/ca8151 •
CVE-2020-10193
https://notcve.org/view.php?id=CVE-2020-10193
ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1294, permite una omisión de detección de virus por medio de una Información de Compresión RAR en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security, y NOD32 Antivirus 4 para Linux Desktop. • https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html • CWE-436: Interpretation Conflict •
CVE-2020-10180
https://notcve.org/view.php?id=CVE-2020-10180
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. El motor de análisis de ESET AV, permite omitir la detección de virus por medio de un campo BZ2 Checksum diseñado en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html • CWE-436: Interpretation Conflict •
CVE-2019-19792
https://notcve.org/view.php?id=CVE-2019-19792
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. Un problema de permisos en ESET Cyber Security versiones anteriores a 6.8.300.0 para macOS, permite a un atacante local escalar privilegios al añadir datos en archivos propiedad de root. • https://danishcyberdefence.dk/blog/esets-cyber-security • CWE-276: Incorrect Default Permissions •