CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
18 Feb 2020 — ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field di... • http://seclists.org/fulldisclosure/2020/Feb/21 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19820
https://notcve.org/view.php?id=CVE-2019-19820
16 Dec 2019 — An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive. Una vulnerabilidad de puntero no válido en IOCTL Handling en el controlador kyrld.sys en Kyrol Internet Security versión 9.0.6.9, permite a un atacante alcanzar una escalada de privilegios, una denegación de servicio y una ejecuci... • https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15687
https://notcve.org/view.php?id=CVE-2019-15687
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15686
https://notcve.org/view.php?id=CVE-2019-15686
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permitió a un... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15685
https://notcve.org/view.php?id=CVE-2019-15685
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15688
https://notcve.org/view.php?id=CVE-2019-15688
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no inf... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3648 – Implicit loading of DLLs
https://notcve.org/view.php?id=CVE-2019-3648
13 Nov 2019 — A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. Una vulnerabilidad de escalada de privilegios en el cliente de Microsoft Windows en McAfee Total Protection versión 16.0.R22 y anteriores, permite a administradores ejecutar código arbitrario mediante la colocación cuidadosa de archivos maliciosos ... • https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648 • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14242
https://notcve.org/view.php?id=CVE-2019-14242
30 Jul 2019 — An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Se detectó un problema en los productos de Bitdefender para Windows ... • https://www.bitdefender.com/support/security-advisories/code-injection-bitdefender-products-windows • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
25 Jul 2019 — Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Comodo Antivirus hasta la versión 12.0.0.6870, Comodo Firewall hasta la versión 12.0.0.6870, y Comodo Internet Security Premium hasta la versión 12.0.0.6870, con la característica Comodo Container, son vulnerables a un escape del Sandbox. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8286
https://notcve.org/view.php?id=CVE-2019-8286
18 Jul 2019 — Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 La divulgación de información en Kaspersky Anti-Virus, Kaspersky Internet Security, las versiones de Kaspersky Total Security hasta 2019 podrían revelar una identificación de producto única al obligar a l... • http://www.securityfocus.com/bid/109300 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •