CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6654 – Denial of Service vulnerability in ESET products for macOS
https://notcve.org/view.php?id=CVE-2024-6654
27 Sep 2024 — Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. Los productos para macOS permiten que un usuario conectado al sistema realice un ataque de denegación de servicio, que podría usarse indebidamente para deshabilitar la protección del producto de seguridad de ESET y provocar una ralentización general del sistema. Products for macOS enables a user logg... • https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed • CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-2847 – Local privilege escalation in ESET products for Linux and MacOS
https://notcve.org/view.php?id=CVE-2023-2847
15 Jun 2023 — During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. • https://support.eset.com/en/ca8447 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37850 – Denial of service in ESET for Mac products
https://notcve.org/view.php?id=CVE-2021-37850
08 Nov 2021 — ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. ESET se dio cuenta de una vulnerabilidad en sus productos de consumo y empresariales para macOS que permite a un usuario conectado al sistema detener el demonio de ESET, deshabilitando efectivamente la protección del producto de seguridad de ESET hasta un reinicio de... • https://support.eset.com/en/ca8151 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10193
https://notcve.org/view.php?id=CVE-2020-10193
06 Mar 2020 — ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1294, permite una omisión de detección de virus por medio de una Información de Compresión RAR en ... • https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html • CWE-436: Interpretation Conflict •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10180
https://notcve.org/view.php?id=CVE-2020-10180
05 Mar 2020 — The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. El motor de análisis de ESET AV, permite omitir la detección de virus por medio de un campo BZ2 Checksum diseñado en un archivo. Esto afecta a las versiones anteriores a... • https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html • CWE-436: Interpretation Conflict •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19792
https://notcve.org/view.php?id=CVE-2019-19792
03 Mar 2020 — A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. Un problema de permisos en ESET Cyber Security versiones anteriores a 6.8.300.0 para macOS, permite a un atacante local escalar privilegios al añadir datos en archivos propiedad de root. • https://danishcyberdefence.dk/blog/esets-cyber-security • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17549
https://notcve.org/view.php?id=CVE-2019-17549
03 Mar 2020 — ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. ESET Cyber Security versiones anteriores a 6.8.1.0, es vulnerable a una denegación de servicio permitiendo a cualquier usuario detener (eliminar) los procesos de ESET. Un atacante puede abusar de este fallo para detener la protección de ESET e iniciar su ataque. • https://danishcyberdefence.dk/blog/esets-cyber-security •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
18 Feb 2020 — ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field di... • http://seclists.org/fulldisclosure/2020/Feb/21 • CWE-436: Interpretation Conflict •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-16519
https://notcve.org/view.php?id=CVE-2019-16519
14 Oct 2019 — ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks. ESET Cyber ??Security 6.7.900.0 para macOS permite a un atacante local ejecutar comandos no autorizados como root al abusar de una función no documentada en las tareas programadas. • http://support.eset.com/ca7317 • CWE-269: Improper Privilege Management •