CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field diseñado en un archivo ZIP. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • http://seclists.org/fulldisclosure/2020/Feb/21 https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html https://support.eset.com/en/ca7387-modules-review-december-2019 • CWE-436: Interpretation Conflict •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15687
https://notcve.org/view.php?id=CVE-2019-15687
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection era vulnerable a una divulgación remota de diversa información sobre el sistema del usuario (como versión de Window y versión del producto, ID único del host). Divulgación de Información. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15686
https://notcve.org/view.php?id=CVE-2019-15686
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permitió a un atacante deshabilitar remotamente varias funcionalidades de protección antivirus. Denegación de Servicio, Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15685
https://notcve.org/view.php?id=CVE-2019-15685
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permitió a un atacante deshabilitar remotamente las funcionalidades de seguridad del producto tales como navegación privada y anti-banner. Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15688
https://notcve.org/view.php?id=CVE-2019-15688
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no informó adecuadamente al usuario sobre la amenaza de redireccionar a un sitio no seguro . Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •