Skip to main content

Security

17 CVEs product

Monthly

CVE-2024-3779 MEDIUM This Month

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Denial Of Service Internet Security Nod32 +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1619 HIGH This Week

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0353 HIGH POC This Week

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eset Endpoint Antivirus Endpoint Security File Security +6
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-5594 HIGH This Week

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Antivirus Endpoint Security File Security Internet Security +5
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-3160 HIGH This Week

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Endpoint Antivirus Endpoint Security Internet Security +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37348 MEDIUM PATCH This Month

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37347 MEDIUM PATCH This Month

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34893 HIGH PATCH This Week

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro Privilege Escalation Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-29489 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Security
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-35234 HIGH PATCH This Week

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow Security
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-30703 HIGH This Week

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-30702 MEDIUM This Month

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Buffer Overflow Information Disclosure Security
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-27167 HIGH This Week

Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Microsoft Eset Endpoint Antivirus +8
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2018-12636 HIGH POC THREAT This Week

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Security
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
30.1%
CVE-2018-7433 HIGH This Week

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Security
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6218 HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security Endpoint Sensor Officescan +2
NVD
CVSS 3.1
7.0
EPSS
1.6%
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Denial Of Service +8
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Security
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eset Endpoint Antivirus +8
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH This Week

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Antivirus Endpoint Security +7
NVD
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Endpoint Antivirus +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro Privilege Escalation Security
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Security
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Security
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Privilege escalation vulnerability in Windows products of ESET, spol. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Microsoft +10
NVD
EPSS 30% CVSS 7.2
HIGH POC THREAT This Week

The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Security
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Security
NVD
EPSS 2% CVSS 7.0
HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy