CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8776
https://notcve.org/view.php?id=CVE-2017-8776
04 May 2017 — Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, y Quick Heal AntiVirus Pro 10.1.0.316 tienen unos 165 archivos PE en la instalación por defecto que no utilizan protección ASLR/D... • http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2015-8285 – QuickHeal 16.00 - 'webssx.sys' Driver Denial of Service
https://notcve.org/view.php?id=CVE-2015-8285
20 Apr 2017 — The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. El driver webssx.sys en QuickHeal 16.00 permite a atacantes remotos provocar una denegación de servicio. • https://www.exploit-db.com/exploits/39475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 31%CPEs: 3EXPL: 2CVE-2017-5005
https://notcve.org/view.php?id=CVE-2017-5005
02 Jan 2017 — Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation. Desbordamiento de búfer basado en pila en Quick Heal Internet Security 10.1.0.316 y versiones anteriores, Total Security 10.1.0.316 y versiones anteriores y Ant... • https://github.com/payatu/QuickHeal • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 5CVE-2013-6767 – QuickHeal AntiVirus 7.0.0.1 - Local Stack Overflow
https://notcve.org/view.php?id=CVE-2013-6767
20 Dec 2013 — Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file. El desbordamiento de búfer en la región stack de la memoria en la biblioteca pepoly.dll en Quick Heal AntiVirus Pro versión 7.0.0.1, permite a los usuarios locales ejecutar código arbitrario o causar una denegación de servicio (bloqueo del proceso) por medio de un valor *.text largo en un archivo PE. • https://www.exploit-db.com/exploits/30374 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2009-4556 – Quick Heal 10.00 SP1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4556
04 Jan 2010 — Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe. Quick Heal AntiVirus Plus 2009 v10.00 SP1 y Quick Heal Total Security 2009 v10.00 SP1 emplean permisos débiles (Control Total para todos los usuarios) para los ficheros en producción, esto permite a usuarios locales o... • https://www.exploit-db.com/exploits/10084 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5524
https://notcve.org/view.php?id=CVE-2008-5524
12 Dec 2008 — CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. CAT-QuickHeal v10.00 y posiblemente v9.50, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección ... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •