CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10180
https://notcve.org/view.php?id=CVE-2020-10180
05 Mar 2020 — The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. El motor de análisis de ESET AV, permite omitir la detección de virus por medio de un campo BZ2 Checksum diseñado en un archivo. Esto afecta a las versiones anteriores a... • https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html • CWE-436: Interpretation Conflict •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19792
https://notcve.org/view.php?id=CVE-2019-19792
03 Mar 2020 — A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. Un problema de permisos en ESET Cyber Security versiones anteriores a 6.8.300.0 para macOS, permite a un atacante local escalar privilegios al añadir datos en archivos propiedad de root. • https://danishcyberdefence.dk/blog/esets-cyber-security • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17549
https://notcve.org/view.php?id=CVE-2019-17549
03 Mar 2020 — ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. ESET Cyber Security versiones anteriores a 6.8.1.0, es vulnerable a una denegación de servicio permitiendo a cualquier usuario detener (eliminar) los procesos de ESET. Un atacante puede abusar de este fallo para detener la protección de ESET e iniciar su ataque. • https://danishcyberdefence.dk/blog/esets-cyber-security •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
18 Feb 2020 — ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field di... • http://seclists.org/fulldisclosure/2020/Feb/21 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16519
https://notcve.org/view.php?id=CVE-2019-16519
14 Oct 2019 — ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. ESET Cyber ??Security 6.7.900.0 para macOS permite a un atacante local ejecutar comandos no autorizados como root al abusar de una función no documentada en las tareas programadas. • http://support.eset.com/ca7317 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0649
https://notcve.org/view.php?id=CVE-2018-0649
07 Sep 2018 — Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no fiable en los instaladores de múltiples programas de software de Canon IT Solutions Inc. (ESET Smart Security Premi... • http://jvn.jp/en/jp/JVN41452671/index.html • CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 3CVE-2016-9892 – F-Secure AV Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2016-9892
27 Feb 2017 — The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. El servicio esets_daemon en ESET Endpoint Antivirus para... • https://packetstorm.news/files/id/141350 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2014-4973 – ESET Windows Products 7.0 Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4973
20 Aug 2014 — The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. El controlador del filtro NIDS de ESET Personal Firewall (EpFwNdis.sys) en el módulo del Firewall Build 1183 (20140214) y anteriores en productos ESET Smart Security y ESET Endpoint Security 5.0 hasta 7.0 permite a usuarios locale... • http://seclists.org/fulldisclosure/2014/Aug/52 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5160
https://notcve.org/view.php?id=CVE-2010-5160
25 Aug 2012 — Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already be... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 19%CPEs: 11EXPL: 0CVE-2012-1420 – Anti-Virus File Parsing Evasion
https://notcve.org/view.php?id=CVE-2012-1420
19 Mar 2012 — The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may lat... • http://osvdb.org/80403 • CWE-264: Permissions, Privileges, and Access Controls •