Lucene search
EsetServer Security

9 matches found

CVE
added 2022/02/09 5:14 a.m. | 431 views

CVE-2021-37852

The CVE-2021-37852 entry describes a local privilege escalation in ESET products for Windows in which an untrusted process impersonates the client of a named pipe. This named-pipe client impersonation allows a local attacker to escalate to NT AUTHORITY\SYSTEM. Documents from ZDI and NVD confirm th...

CVSS 7.8 | AI score 7.7 | EPSS 0.00567

CVE
added 2023/06/15 7:46 a.m. | 325 views

CVE-2023-2847

CVE-2023-2847 describes a local privilege escalation in ESET products for Linux/macOS caused by improper privilege management. A user with lower privileges could trigger actions with root-level privileges; affected components include ESET Server Security for Linux, Endpoint Antivirus for Linux/ma...

CVSS 7.8 | AI score 7.9 | EPSS 0.00148

CVE
added 2022/05/10 7:43 p.m. | 100 views

CVE-2022-27167

CVE-2022-27167 describes a local privilege escalation in multiple ESET Windows products, allowing an attacker to abuse the Repair/Uninstall paths to delete files. Affected products include ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Endpoint Antivirus/Security, Server/File/Ma...

CVSS 7.1 | AI score 7 | EPSS 0.00182

CVE
added 2022/05/11 2:8 p.m. | 80 views

CVE-2021-37851

CVE-2021-37851 is a local privilege escalation in ESET Windows products where an unpatched installer repair flow can be abused to execute code with higher privileges. Affected are ESET NOD32 Antivirus, Internet Security, Smart Security Premium (11.2 prior to 15.1.12.0) and ESET Endpoint Antivirus...

CVSS 7.8 | AI score 7.5 | EPSS 0.002

CVE
added 2022/02/25 6:10 p.m. | 77 views

CVE-2022-0615

CVE-2022-0615 affects the eset_rtp kernel module used in ESET’s Linux products. The vulnerability is described as a use-after-free in the kernel module, enabling a potential attacker to trigger a denial-of-service condition on the system. The available documents confirm the affected component (es...

CVSS 7.8 | AI score 6.4 | EPSS 0.00821

CVE
added 2024/07/16 8:17 a.m. | 77 views

CVE-2024-3779

The CVE-2024-3779 entry describes a Denial of Service affecting ESET security products for Windows, with impact on availability (AV:A/H) and local/low-exploitation characteristics per CVSS metrics. It states the issue can render the product inoperable shortly after installation or upgrade under n...

CVSS 6.1 | AI score 5.9 | EPSS 0.00204

CVE
added 2024/02/15 7:40 a.m. | 68 views

CVE-2024-0353

CVE-2024-0353 is a local privilege escalation in ESET products (e.g., ESET Smart Security Premium / Endpoint Antivirus) where the attacker can abuse ESET’s file operations via the ESET Service. The weakness arises from a vulnerability in privilege handling and a symbolic link abuse that allows de...

CVSS 7.8 | AI score 7.8 | EPSS 0.00551

CVE
added 2023/08/14 9:27 a.m. | 60 views

CVE-2023-3160

CVE-2023-3160 is a local privilege escalation affecting ESET security products on Windows. The flaw allows an attacker to misuse ESET’s file operations during module updates to delete or move files without proper permissions. The specific flaw exists in the ekrn service, enabling privilege escala...

CVSS 7.8 | AI score 7.6 | EPSS 0.00178

CVE
added 2023/12/21 11:30 a.m. | 58 views

CVE-2023-5594

CVE-2023-5594 describes improper validation of the server’s certificate chain in the secure traffic scanning feature, causing intermediate certificates signed with MD5 or SHA-1 to be treated as trusted. Multiple sources (NVD, CVE List, CNNVD, PRION/PRION-like entries, and EUVD) tie this to ESET s...

CVSS 8.6 | AI score 8.1 | EPSS 0.00376