Every CVE whose affected-product data names Eset Smart Security, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2020-10180 — CVSS 9.8 (critical): The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294…
CVE-2008-5527 — CVSS 9.3 (critical): ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by…
CVE-2024-0353 — CVSS 7.8 (high): Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having…
CVE-2023-3160 — CVSS 7.8 (high): The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files…
CVE-2020-11446 — CVSS 7.8 (high): ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET…
CVE-2018-0649 — CVSS 7.8 (high): Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium…
CVE-2021-37852 — CVSS 7.8 (high): ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate…
CVE-2020-10193 — CVSS 7.5 (high): ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects…
CVE-2023-5594 — CVSS 7.5 (high): Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using…
CVE-2021-37851 — CVSS 7.3 (high): Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer…
CVE-2008-7107 — CVSS 7.2 (high): easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to…
CVE-2008-5724 — CVSS 7.2 (high): The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain…
CVE-2022-27167 — CVSS 7.1 (high): Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features…
CVE-2014-4973 — CVSS 6.9 (medium): The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart…
CVE-2024-3779 — CVSS 6.1 (medium): Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s…
CVE-2020-9264 — CVSS 5.5 (medium): ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This…
CVE-2020-26941 — CVSS 5.5 (medium): A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of…
CVE-2010-5160 — CVSS 4.5 (medium): Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous…