CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8107 – Process Control vulnerability in Bitdefender Antivirus Plus
https://notcve.org/view.php?id=CVE-2020-8107
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136. Una vulnerabilidad de Control de Procesos en ProductAgentUI.exe usado en Bitdefender Antivirus Plus permite a un atacante manipular la configuración del producto por medio de un archivo DLL especialmente diseñado. • https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709 • CWE-114: Process Control •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2021-37852 – LPE in ESET products for Windows
https://notcve.org/view.php?id=CVE-2021-37852
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. Los productos de ESET para Windows permiten a un proceso no confiable hacerse pasar por el cliente de una tubería, lo que puede ser aprovechado por un atacante para escalar privilegios en el contexto de NT AUTHORITY\SYSTEM This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows https://www.zerodayinitiative.com/advisories/ZDI-22-148 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43772
https://notcve.org/view.php?id=CVE-2021-43772
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Trend Micro Security 2021 versión v17.0 (Consumer), contiene una vulnerabilidad que permite modificar los archivos dentro de la carpeta protegida sin ninguna detección • https://helpcenter.trendmicro.com/en-us/article/tmka-10855 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15732
https://notcve.org/view.php?id=CVE-2020-15732
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. Una vulnerabilidad de Comprobación Inapropiada de Certificados en el módulo Online Threat Prevention tal y como es usado en Bitdefender Total Security, permite a un atacante omitir potencialmente las comprobaciones de HTTP Strict Transport Security (HSTS). • https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26718
https://notcve.org/view.php?id=CVE-2021-26718
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. KIS para macOS en algunos casos de uso era vulnerable a la omisión de AV que potencialmente permitía a un atacante deshabilitar la protección antivirus. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321 • CWE-863: Incorrect Authorization •