CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6654 – Denial of Service vulnerability in ESET products for macOS
https://notcve.org/view.php?id=CVE-2024-6654
Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. Los productos para macOS permiten que un usuario conectado al sistema realice un ataque de denegación de servicio, que podría usarse indebidamente para deshabilitar la protección del producto de seguridad de ESET y provocar una ralentización general del sistema. • https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed https://support.eset.com/en/ca8725-denial-of-service-vulnerability-in-eset-products-for-macos-fixed • CWE-377: Insecure Temporary File •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-7400 – Local privilege escalation in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-7400
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. • https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows • CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-3779 – Denial of Service in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-3779
Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. • https://support.eset.com/en/ca8688 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-2003 – Local Privilege Escalation in Quarantine of ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-2003
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the ESET Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5961 – Reflected XSS in 2ClickPortal
https://notcve.org/view.php?id=CVE-2024-5961
Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4. La neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web en el software 2ClickPortal permite cross-site scripting (XSS) reflejado. Un atacante podría engañar a alguien para que utilice una URL manipulada, lo que provocará que se ejecute un script en el navegador del usuario. • https://github.com/kac89/CVE-2024-5961 https://2clickportal.pl https://cert.pl/en/posts/2024/06/CVE-2024-5961 https://cert.pl/posts/2024/06/CVE-2024-5961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •