CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19792
https://notcve.org/view.php?id=CVE-2019-19792
03 Mar 2020 — A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. Un problema de permisos en ESET Cyber Security versiones anteriores a 6.8.300.0 para macOS, permite a un atacante local escalar privilegios al añadir datos en archivos propiedad de root. • https://danishcyberdefence.dk/blog/esets-cyber-security • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17549
https://notcve.org/view.php?id=CVE-2019-17549
03 Mar 2020 — ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. ESET Cyber Security versiones anteriores a 6.8.1.0, es vulnerable a una denegación de servicio permitiendo a cualquier usuario detener (eliminar) los procesos de ESET. Un atacante puede abusar de este fallo para detener la protección de ESET e iniciar su ataque. • https://danishcyberdefence.dk/blog/esets-cyber-security •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
18 Feb 2020 — ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field di... • http://seclists.org/fulldisclosure/2020/Feb/21 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16519
https://notcve.org/view.php?id=CVE-2019-16519
14 Oct 2019 — ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. ESET Cyber ??Security 6.7.900.0 para macOS permite a un atacante local ejecutar comandos no autorizados como root al abusar de una función no documentada en las tareas programadas. • http://support.eset.com/ca7317 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0649
https://notcve.org/view.php?id=CVE-2018-0649
07 Sep 2018 — Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no fiable en los instaladores de múltiples programas de software de Canon IT Solutions Inc. (ESET Smart Security Premi... • http://jvn.jp/en/jp/JVN41452671/index.html • CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 3CVE-2016-9892 – F-Secure AV Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2016-9892
27 Feb 2017 — The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. El servicio esets_daemon en ESET Endpoint Antivirus para... • https://packetstorm.news/files/id/141350 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 21%CPEs: 907EXPL: 2CVE-2015-8841
https://notcve.org/view.php?id=CVE-2015-8841
08 Apr 2016 — Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG. Desbordamiento de buffer basado en memoria dinámica en el módulo de soporte Archive en ESET NOD32 en versiones anteriores a la actualización 11861 permite a atacantes remotos ejecutar código arbitrario a través de una gran cantidad de lenguajes en un archivo de instalación EPOC de ... • http://packetstormsecurity.com/files/136082/ESET-NOD32-Heap-Overflow.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4974 – ESET 7.0 Kernel Memory Leak
https://notcve.org/view.php?id=CVE-2014-4974
28 Oct 2014 — The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. El controlador del modo de kernel del filtro ESET Personal Firewall NDIS (EpFwNdis.sys), también conocido como el módulo Personal Firewall anterior a Build 1212 (20140609), utilizado en múltiples productos ESET 5.0 hasta 7.0, permite... • http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2014-4973 – ESET Windows Products 7.0 Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4973
20 Aug 2014 — The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. El controlador del filtro NIDS de ESET Personal Firewall (EpFwNdis.sys) en el módulo del Firewall Build 1183 (20140214) y anteriores en productos ESET Smart Security y ESET Endpoint Security 5.0 hasta 7.0 permite a usuarios locale... • http://seclists.org/fulldisclosure/2014/Aug/52 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5160
https://notcve.org/view.php?id=CVE-2010-5160
25 Aug 2012 — Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already be... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •