14 matches found
CVE-2021-37850
CVE-2021-37850 affects ESET consumer and business products for macOS. A local user can stop the ESET daemon, disabling protection until a reboot. Documented impact is a DoS-like loss of protection rather than remote code execution. Affected components are the ESET macOS services/daemons, with roo...
CVE-2019-16519
CVE-2019-16519 affects ESET Cyber Security 6.7.900.0 for macOS. The vulnerability arises from abusing an undocumented feature in scheduled tasks, enabling a local attacker to execute unauthorized commands as root. The description is repeated across NVD and multiple vendor/ national vulnerability ...
CVE-2021-37852
The CVE-2021-37852 entry describes a local privilege-escalation in ESET products for Windows where an untrusted process impersonates the client of a named pipe. This impersonation (named-pipe client) allows a local attacker to escalate to NT AUTHORITY\SYSTEM. Documents from ZDI and NVD confirm th...
CVE-2022-27167
CVE-2022-27167 describes a local privilege-escalation in multiple ESET Windows products, allowing an attacker to abuse the Repair/Uninstall paths to delete files. Affected products include ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Endpoint Antivirus/Security, Server/File/Ma...
CVE-2020-26941
The CVE-2020-26941 issue describes a local, authenticated, low-privilege user able to trigger arbitrary file overwrite (deletion) via a symlink during the installation phase of multiple ESET products, due to insecure installer permissions. Impact is limited to the installation window and requires...
CVE-2021-37851
CVE-2021-37851 is a local privilege escalation in ESET Windows products where an unpatched installer repair flow can be abused to execute code with higher privileges. Affected are ESET NOD32 Antivirus, Internet Security, Smart Security Premium (11.2 prior to 15.1.12.0) and ESET Endpoint Antivirus...
CVE-2024-3779
The CVE-2024-3779 entry describes a Denial of Service affecting ESET security products for Windows, with impact on availability (AV:A/H) and local/low-exploitation characteristics per CVSS metrics. It states the issue can render the product inoperable shortly after installation or upgrade under n...
CVE-2016-9892
CVE-2016-9892 affects the esets_daemon service in ESET Endpoint Antivirus for macOS prior to 6.4.168.0 and Endpoint Security for macOS prior to 6.4.168.0. Root cause is improper verification of X.509 certificates from the edf.eset.com SSL server, enabling MITM attackers to spoof the server and pr...
CVE-2024-0353
CVE-2024-0353 is a local privilege escalation in ESET products (e.g., ESET Smart Security Premium / Endpoint Antivirus) where the attacker can abuse ESET’s file operations via the ESET Service. The weakness arises from a vulnerability in privilege handling and a symbolic link abuse that allows de...
CVE-2023-3160
CVE-2023-3160 is a local privilege escalation affecting ESET security products on Windows. The flaw allows an attacker to misuse ESET’s file operations during module updates to delete or move files without proper permissions. The specific flaw exists in the ekrn service, enabling privilege escala...
CVE-2023-7043
CVE-2023-7043 describes an unquoted service path vulnerability in ESET Windows products, enabling a dropped program to be placed in a location and launched at boot with NT AUTHORITY\NetworkService permissions. The available documents confirm the affected products are ESET Endpoint Security/Endpoi...
CVE-2023-5594
CVE-2023-5594 describes improper validation of the server’s certificate chain in the secure traffic scanning feature, causing intermediate certificates signed with MD5 or SHA-1 to be treated as trusted. Multiple sources (NVD, CVE List, CNNVD, PRION/PRION-like entries, and EUVD) tie this to ESET s...
CVE-2020-11446
The CVE-2020-11446 entry concerns ESET Antivirus and Antispyware Module versions 1553–1560. A user with limited rights can create hard links in certain ESET directories and force the product to write through these links to files normally not writable, enabling privilege escalation. The issue is l...
CVE-2014-4973
The CVE-2014-4973 issue affects the EpFwNdis.sys driver (ESET Personal Firewall NDIS filter) in ESET Smart Security/Endpoint Security 5.0–7.0 (Firewall Module Build 1183, 20140214) and earlier. The vulnerability is a trusted-value condition exploitable via IOCTL 0x830020CC with a crafted input bu...