CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3972
https://notcve.org/view.php?id=CVE-2019-3972
17 Jul 2019 — Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3971
https://notcve.org/view.php?id=CVE-2019-3971
17 Jul 2019 — Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPC_DATAGRAM, which triggers an Access Violation due to hardcoded NULLs used for Source parameter in a memcpy operation that is called for this handler. This results in CmdVirth.exe and its child svchost.exe instances to terminate. Comodo Antivirus versiones hasta la 12.0.0.6810 y anteriores,... • https://www.tenable.com/security/research/tra-2019-34 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3970
https://notcve.org/view.php?id=CVE-2019-3970
17 Jul 2019 — Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures. Comodo Antivirus versiones hasta la 12.0.0.6810 y anteriores, son vulnerables a la Escritura de Archivos Arbitraria debido a que el archivo Cavwp.exe maneja la base de datos del Antiv... • https://www.tenable.com/security/research/tra-2019-34 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3969
https://notcve.org/view.php?id=CVE-2019-3969
17 Jul 2019 — Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent's handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges. Comodo Antivirus versiones hasta la 12.0.0.6810 y anteriores, son vulnerables a una Escalada de Privilegios Local debido al manejo de clientes COM de CmdAgen... • https://www.tenable.com/security/research/tra-2019-34 •
CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 6CVE-2018-17431 – Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17431
29 Jan 2019 — Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. La consola web en Comodo UTM Firewall, en versiones anteriores a la 2.7.0, permite a los atacantes remotos ejecutar código arbitrario sin autenticarse mediante una URL manipulada. Comodo Unified Threat Management Web Console version 2.7.0 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/159246 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2014-7872 – Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-7872
09 Jun 2015 — Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. Comodo GeekBuddy anterior a 4.18.121 no restringe el acceso al servidor VNC, lo que permite a usuarios locales ganar privilegios mediante la conexión al servidor. Comodo Internet Security installs GeekBuddy which installs a weakly secure exposed VNC server. • https://packetstorm.news/files/id/135841 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 5%CPEs: 1EXPL: 3CVE-2014-9633 – Comodo Backup 4.4.0.0 - Null Pointer Dereference Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9633
03 Feb 2015 — The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. El controlador bdisk.sys en COMODO Backup anterior a 4.4.1.23 permite a atacantes remotos ganar privilegios a través de un manejo de dispositivos manipulado, lo que provoca una referencia a puntero nulo. • https://www.exploit-db.com/exploits/35905 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2010-5185
https://notcve.org/view.php?id=CVE-2010-5185
26 Aug 2012 — The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. El componente Antivirus en Comodo Internet Security anterior a v5.3.174622.1216 no comprueba adecuadamente si los certificados X.509 de ficheros ejecutables han sido revocados, lo cual tiene un impacto desconocido y vectores de ataque también desconocidos. • http://personalfirewall.comodo.com/release_notes.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2010-5186
https://notcve.org/view.php?id=CVE-2010-5186
26 Aug 2012 — The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file. El componente Antivirus en Comodo Internet Security anterior a v4.1.150349.920 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un fichero manipulado. • http://personalfirewall.comodo.com/release_notes.html •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2009-5123
https://notcve.org/view.php?id=CVE-2009-5123
26 Aug 2012 — The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file. El componente Antivirus en Comodo Internet Security anterior a v3.11.108364.552 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un fichero comprimido manipulado. • http://personalfirewall.comodo.com/release_notes.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •