CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2021-37852 – LPE in ESET products for Windows
https://notcve.org/view.php?id=CVE-2021-37852
31 Jan 2022 — ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. Los productos de ESET para Windows permiten a un proceso no confiable hacerse pasar por el cliente de una tubería, lo que puede ser aprovechado por un atacante para escalar privilegios en el contexto de NT AUTHORITY\SYSTEM This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpo... • https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43772
https://notcve.org/view.php?id=CVE-2021-43772
03 Dec 2021 — Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Trend Micro Security 2021 versión v17.0 (Consumer), contiene una vulnerabilidad que permite modificar los archivos dentro de la carpeta protegida sin ninguna detección • https://helpcenter.trendmicro.com/en-us/article/tmka-10855 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
22 Jun 2021 — Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como... • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26718
https://notcve.org/view.php?id=CVE-2021-26718
01 Apr 2021 — KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. KIS para macOS en algunos casos de uso era vulnerable a la omisión de AV que potencialmente permitía a un atacante deshabilitar la protección antivirus. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-26941
https://notcve.org/view.php?id=CVE-2020-26941
21 Jan 2021 — A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premi... • https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2020-35364
https://notcve.org/view.php?id=CVE-2020-35364
26 Dec 2020 — Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. Beijing Huorong Internet Security versión 5.0.55.2, permite a un usuario no administrador escalar privilegios inyectando código en un proceso y luego esperando que los servicios de Huorong se reinicien o un reinicio del sistema • https://github.com/yangfan6888/PoC •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10193
https://notcve.org/view.php?id=CVE-2020-10193
06 Mar 2020 — ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1294, permite una omisión de detección de virus por medio de una Información de Compresión RAR en ... • https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html • CWE-436: Interpretation Conflict •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
18 Feb 2020 — ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field di... • http://seclists.org/fulldisclosure/2020/Feb/21 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19820
https://notcve.org/view.php?id=CVE-2019-19820
16 Dec 2019 — An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive. Una vulnerabilidad de puntero no válido en IOCTL Handling en el controlador kyrld.sys en Kyrol Internet Security versión 9.0.6.9, permite a un atacante alcanzar una escalada de privilegios, una denegación de servicio y una ejecuci... • https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15687
https://notcve.org/view.php?id=CVE-2019-15687
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •