CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-45338
https://notcve.org/view.php?id=CVE-2021-45338
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. Múltiples vulnerabilidades de escalada de privilegios en Avast Antivirus versiones anteriores a 20.4, permiten a un usuario local alcanzar privilegios elevados al llamar a métodos internos innecesariamente potentes del servicio antivirus principal, lo que podría conllevar el (1) borrado arbitrario de archivos, (2) escritura y (3) restablecimiento de la seguridad • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1 https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2 https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45337
https://notcve.org/view.php?id=CVE-2021-45337
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. Una vulnerabilidad de escalada de privilegios en el controlador de Autodefensa de Avast Antivirus versiones anteriores a 20.8, permite a un usuario local con privilegios SYSTEM alcanzar privilegios elevados al "vaciar" el proceso wsc_proxy.exe, que podría conllevar a una adquisición de protección antimalware (AM-PPL) • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45336
https://notcve.org/view.php?id=CVE-2021-45336
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. Una vulnerabilidad de escalada de privilegios en el componente Sandbox de Avast Antivirus versiones anteriores a 20.4, permite a un código local del sandbox alcanzar privilegios elevados al usar las interfaces IPC del sistema, lo que podría conllevar a una salida del sandbox y la adquisición de privilegios de SYSTEM • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45335
https://notcve.org/view.php?id=CVE-2021-45335
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. El componente Sandbox en Avast Antivirus versiones anteriores a 20.4, presenta un permiso no seguro que podría ser abusado por el usuario local para controlar el resultado de los escaneos, y por lo tanto omitir la detección o borrar archivos arbitrarios del sistema • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 • CWE-276: Incorrect Default Permissions •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25227 – Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25227
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit). Trend Micro Antivirus para Mac 2021 (Consumer) es susceptible a una vulnerabilidad de agotamiento de la memoria que podría conllevar a deshabilitar todas las funciones de escaneo dentro de la aplicación. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo a los fines de explotar esta vulnerabilidad, es decir, el atacante ya debe tener acceso al sistema objetivo (ya sea legítimamente o mediante otro explotación) This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the iCoreService executable. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10191 https://www.zerodayinitiative.com/advisories/ZDI-21-102 • CWE-400: Uncontrolled Resource Consumption •