Page 2 of 65 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicación específica y ejecutarlo al arrancar con los permisos NT AUTHORITY\NetworkService. • https://support.eset.com/en/ca8602 • CWE-428: Unquoted Search Path or Element •

CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. La validación incorrecta de la cadena de certificados del servidor en la función de escaneo de tráfico seguro consideró que el certificado intermedio firmado utilizando el algoritmo MD5 o SHA1 era confiable. • https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed • CWE-295: Improper Certificate Validation •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ekrn service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8466 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. • https://support.eset.com/en/ca8447 • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD. Una vulnerabilidad en el controlador dlpfde.sys permite a un usuario que haya iniciado sesión en el sistema llevar a cabo llamadas al sistema, conllevando a un desbordamiento de la pila del kernel, resultando en un bloqueo del sistema, por ejemplo, un BSOD. • https://support.eset.com/en/ca8298-vulnerability-fixed-in-eset-endpoint-encryption-and-eset-full-disk-encryption-for-windows • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •