CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9742
https://notcve.org/view.php?id=CVE-2019-9742
13 Mar 2019 — gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. gdwfpcd.sys en G Data Total Security, en CVErsiones anteriores al 22/02/2019, permite que un atacante omita las listas de control de acceso debido a que las características interpretadas del disposi... • https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-03-13-gdata-total-security-acl-bypass.md • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 8%CPEs: 1EXPL: 3CVE-2018-10018 – G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-10018
13 Jul 2018 — The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. El control ActiveX GDASPAMLib.AntiSpam ASK\GDASpam.dll en G DATA Total Security 25.4.0.3 tiene un desbordamiento de búfer mediante un argumento IsBlackListed largo. In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause ... • https://packetstorm.news/files/id/148543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •