CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45335
https://notcve.org/view.php?id=CVE-2021-45335
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. El componente Sandbox en Avast Antivirus versiones anteriores a 20.4, presenta un permiso no seguro que podría ser abusado por el usuario local para controlar el resultado de los escaneos, y por lo tanto omitir la detección o borrar archivos arbitrarios del sistema • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43771 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43771
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Antivirus para Mac 2021 versión v11 (Consumer), es susceptible a una vulnerabilidad de escalada de privilegios por control de acceso inapropiado que podría permitir a un atacante establecer una conexión que podría conllevar a una escalada de privilegios local completa dentro de la aplicación. Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within com.trendmicro.AFM.HelperTool. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10832 https://www.zerodayinitiative.com/advisories/ZDI-21-1320 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28648 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-28648
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. Trend Micro Antivirus para Mac 2020 versiones v10.5 y 2021 v11 (Consumidor) es susceptible a una vulnerabilidad de escalada de privilegios de control de acceso inapropiado que podría permitir a un atacante establecer una conexión que podría conllevar a una escalada de privilegios local completa dentro de la aplicación. Tome en cuenta que un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within com.trendmicro.AFM.HelperTool. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10293 https://www.zerodayinitiative.com/advisories/ZDI-21-420 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25227 – Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25227
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit). Trend Micro Antivirus para Mac 2021 (Consumer) es susceptible a una vulnerabilidad de agotamiento de la memoria que podría conllevar a deshabilitar todas las funciones de escaneo dentro de la aplicación. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo a los fines de explotar esta vulnerabilidad, es decir, el atacante ya debe tener acceso al sistema objetivo (ya sea legítimamente o mediante otro explotación) This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the iCoreService executable. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10191 https://www.zerodayinitiative.com/advisories/ZDI-21-102 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12254
https://notcve.org/view.php?id=CVE-2020-12254
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. Avira Antivirus versiones anteriores a la versión 5.0.2003.1821 en Windows, permite una escalada de privilegios o una denegación de servicio por medio del abuso de un enlace simbólico. • http://web.archive.org/web/20200429193852/https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •