CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27223
https://notcve.org/view.php?id=CVE-2021-27223
01 Apr 2022 — A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS Se presentaba un problema de denegación de servicio en uno de los módulos incorporados en los productos Kaspersky Anti-V... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30360
https://notcve.org/view.php?id=CVE-2021-30360
07 Jan 2022 — Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. Los usuarios tienen acceso al directorio donde se produce la reparación de la instalación. Dado que el instalador de MS permite a usuarios normales ejecutar la reparación, un atacante puede iniciar la repara... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2021-45090
https://notcve.org/view.php?id=CVE-2021-45090
21 Dec 2021 — Stormshield Endpoint Security before 2.1.2 allows remote code execution. Stormshield Endpoint Security versiones anteriores a 2.1.2, permite una ejecución de código remota • https://advisories.stormshield.eu/2021-070 •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-45089
https://notcve.org/view.php?id=CVE-2021-45089
21 Dec 2021 — Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Stormshield Endpoint Security versiones 2.x anteriores a 2.1.2 , presenta un Control de Acceso Incorrecto • https://advisories.stormshield.eu/2021-071 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45091
https://notcve.org/view.php?id=CVE-2021-45091
21 Dec 2021 — Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. Stormshield Endpoint Security desde la versión 2.1.0 a 2.1.1, presenta un Control de Acceso Incorrecto • https://advisories.stormshield.eu/2021-072 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37850 – Denial of service in ESET for Mac products
https://notcve.org/view.php?id=CVE-2021-37850
08 Nov 2021 — ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. ESET se dio cuenta de una vulnerabilidad en sus productos de consumo y empresariales para macOS que permite a un usuario conectado al sistema detener el demonio de ESET, deshabilitando efectivamente la protección del producto de seguridad de ESET hasta un reinicio de... • https://support.eset.com/en/ca8151 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-31843 – Improper access control vulnerability in McAfee ENS for Windows
https://notcve.org/view.php?id=CVE-2021-31843
17 Sep 2021 — Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. Una vulnerabilidad de administración de privilegios inapropiada en McAfee Endpoint Security (ENS) Windows versiones anteriores a la actualización 10.7.0 de septiembre de 2021, permite a usuarios locales acceder... • https://kc.mcafee.com/corporate/index?page=content&id=SB10367 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-31842
https://notcve.org/view.php?id=CVE-2021-31842
17 Sep 2021 — XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. Una vulnerabilidad de tipo XML Entity Expansion injection en McAfee Endpoint Security (ENS) para Windows versiones anteriores a la actualización 10.7.0 de septiembre de 2021, permite a un usuar... • https://kc.mcafee.com/corporate/index?page=content&id=SB10367 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31221
https://notcve.org/view.php?id=CVE-2021-31221
13 Jul 2021 — SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. SES Evolution versiones anteriores a 2.1.0, permite eliminar algunas partes de una política de seguridad al aprovechar el acceso a un ordenador que tenga instalada la consola de administración • https://advisories.stormshield.eu •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31222
https://notcve.org/view.php?id=CVE-2021-31222
13 Jul 2021 — SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. SES Evolution versiones anteriores a 2.1.0, permite actualizar algunas partes de una política de seguridad al aprovechar el acceso a un ordenador que tenga instalada la consola de administración • https://advisories.stormshield.eu •