CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45339
https://notcve.org/view.php?id=CVE-2021-45339
27 Dec 2021 — Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. Una vulnerabilidad de escalada de privilegios en Avast Antivirus versiones anteriores a 20.4, permite a un usuario local alcanzar privilegios elevados al "vaciar" los procesos confiables, lo que podría conllevar a una omisión de la autodefensa de Avast • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST0 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-45338
https://notcve.org/view.php?id=CVE-2021-45338
27 Dec 2021 — Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. Múltiples vulnerabilidades de escalada de privilegios en Avast Antivirus versiones anteriores a 20.4, permiten a un usuario local alcanzar privilegios elevados al llamar a métodos internos innecesariamente potentes del s... • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45337
https://notcve.org/view.php?id=CVE-2021-45337
27 Dec 2021 — Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. Una vulnerabilidad de escalada de privilegios en el controlador de Autodefensa de Avast Antivirus versiones anteriores a 20.8, permite a un usuario local con privilegios SYSTEM alcanzar privilegios elevados al "vaciar" el proceso wsc_proxy.exe, que... • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45336
https://notcve.org/view.php?id=CVE-2021-45336
27 Dec 2021 — Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. Una vulnerabilidad de escalada de privilegios en el componente Sandbox de Avast Antivirus versiones anteriores a 20.4, permite a un código local del sandbox alcanzar privilegios elevados al usar las interfaces IPC del sistema, lo que podría conllevar a una salid... • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45335
https://notcve.org/view.php?id=CVE-2021-45335
27 Dec 2021 — Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. El componente Sandbox en Avast Antivirus versiones anteriores a 20.4, presenta un permiso no seguro que podría ser abusado por el usuario local para controlar el resultado de los escaneos, y por lo tanto omitir la detección o borrar archivos arbitrarios del sistema • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43771 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43771
17 Nov 2021 — Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Antivirus para Mac 2021 versión v11 (Consumer), es susceptible a una vulnerabilidad de esc... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10832 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28648 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-28648
15 Apr 2021 — Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. Trend Micro Antivirus para Mac 2020 versiones v10.5 y 2021 v11 (Consumidor) es susceptible a una... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10293 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25227 – Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25227
29 Jan 2021 — Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit). Trend Micro Antivirus para Mac 2021 (Consumer) es susceptible a una vulne... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10191 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15024
https://notcve.org/view.php?id=CVE-2020-15024
10 Sep 2020 — An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. Se detectó un problema en la funcionalidad Login Password del componente Password Manager en Avast Antivirus versión 20.1.5069.562. La contraseña ingresada sigue siendo almacenada en la memoria principal de Windows después de cerrar la sesión y después de una operación... • http://nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12254
https://notcve.org/view.php?id=CVE-2020-12254
26 Apr 2020 — Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. Avira Antivirus versiones anteriores a la versión 5.0.2003.1821 en Windows, permite una escalada de privilegios o una denegación de servicio por medio del abuso de un enlace simbólico. • http://web.archive.org/web/20200429193852/https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •