CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10180
https://notcve.org/view.php?id=CVE-2020-10180
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. El motor de análisis de ESET AV, permite omitir la detección de virus por medio de un campo BZ2 Checksum diseñado en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html • CWE-436: Interpretation Conflict •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field diseñado en un archivo ZIP. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • http://seclists.org/fulldisclosure/2020/Feb/21 https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html https://support.eset.com/en/ca7387-modules-review-december-2019 • CWE-436: Interpretation Conflict •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5425
https://notcve.org/view.php?id=CVE-2008-5425
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. ESet NOD32 v2.70.0039.0000 no gestiona apropiadamente (1) mensajes de correo multipart/mixed con muchas partes MIME y posiblemente (2) mensajes de correo electrónico con muchas cabeceras "Content-type: message/rfc822;", lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila o consumo de otros recursos) mediante un correo electrónico de gran tamaño, un problema relacionado a CVE-2006-1173. • http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro http://securityreason.com/securityalert/4721 http://www.securityfocus.com/archive/1/499038/100/0/threaded http://www.securityfocus.com/archive/1/499045/100/0/threaded • CWE-399: Resource Management Errors •
CVSS: 7.6EPSS: 4%CPEs: 1EXPL: 0CVE-2007-3970
https://notcve.org/view.php?id=CVE-2007-3970
Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption. Condición de carrera en ESET NOD32 Antivirus anterior a 2.2289 permite a atacantes remotos ejecutar códigos de su elección a través de un archivo CAB manipulado, lo cual dispara una corrupción de memoria. • http://osvdb.org/37976 http://secunia.com/advisories/26124 http://securityreason.com/securityalert/2922 http://www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26 http://www.nruns.com/%5Bn.runs-SA-2007.016%5D%20-%20NOD32%20Antivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf http://www.nruns.com/%5Bn.runs-SA-2007.016%5D%20-%20NOD32%20Antivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt http://www.securityfocus.com/archive/1/474244& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 1CVE-2007-3972
https://notcve.org/view.php?id=CVE-2007-3972
ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error. ESET NOD32 Antivirus anterior a 2.2289 permite a atacantes remotos provocar denegación de servicio a través de archivos (1) ASPACK manipulados o (2) paquetes FSG, el cual dispara un error de división por cero. • http://osvdb.org/37978 http://secunia.com/advisories/26124 http://securityreason.com/securityalert/2924 http://www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26 http://www.nruns.com/%5Bn.runs-SA-2007.018%5D%20-%20NOD32%20Antivirus%20ASPACK%20and%20FSG%20parsing%20Divide%20by%20Zero%20Advisory.pdf http://www.nruns.com/%5Bn.runs-SA-2007.018%5D%20-%20NOD32%20Antivirus%20ASPACK%20and%20FSG%20parsing%20Divide%20by%20Zero%20Advisory.txt http://www.securityfocus.com/a •