CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10863
https://notcve.org/view.php?id=CVE-2020-10863
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes desencadenar un apagado por medio de una RPC a partir de un proceso Low Integrity por medio de T... • https://forum.avast.com/index.php?topic=232420.0 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10862
https://notcve.org/view.php?id=CVE-2020-10862
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes lograr una Escalada de Privilegios Local (LPE) por medio de una RPC. • https://forum.avast.com/index.php?topic=232420.0 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10861
https://notcve.org/view.php?id=CVE-2020-10861
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes lograr una Eliminación de Archivos Arbitrarios de Avast Program Path por medio de ... • https://forum.avast.com/index.php?topic=232420.0 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10860
https://notcve.org/view.php?id=CVE-2020-10860
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). Se detectó un problema en Avast Antivirus versiones anteriores a 20. Una vulnerabilidad de Sobrescritura de Dirección de Memoria Arbitraria en la aswAvLog Log Library que resulta en una Denegación de Servicio del Avast Service (AvastSvc.exe). • https://forum.avast.com/index.php?topic=232420.0 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8093 – Code Injection into Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8093
29 Jan 2020 — A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution Una vulnerabilidad en el binario AntivirusforMac como es usado en Bitdefender Antivirus para Mac, le permite a un atacante inyectar una biblioteca usando la variable de entorno DYLD para causar una ejecución de código de terceros. • https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8092 – Privilege escalation in Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8092
29 Jan 2020 — A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. Una vulnerabilidad de escalada de privilegios en BDLDaemon como es usado en Bitdefender Antivirus para Mac, permite a un atacante local obtener tokens de autenticación para peticiones enviadas hacia Bitdefender Cloud. Este proble... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17103 – Get-task-allow entitlement via BDLDaemon on macOS
https://notcve.org/view.php?id=CVE-2019-17103
27 Jan 2020 — An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el componente BDLDaemon de Bitdefender AV para Mac, permite a un atacante elevar los permisos para leer directorios protegidos. Este problema afecta: Bitdefender AV para Mac versiones anteriores a 8.0.0. • https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19695
https://notcve.org/view.php?id=CVE-2019-19695
24 Dec 2019 — A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. Una vulnerabilidad de escalada de privilegios en Trend Micro Antivirus para Mac 2019 (versión v9.0.1379 y por debajo), podría permitir a un atacante crear un enlace simbólico a un archivo de destino y modificarlo. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124055.aspx • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-17093
https://notcve.org/view.php?id=CVE-2019-17093
23 Oct 2019 — An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. Se detectó un problema en Avast antivirus versiones anteriores a 19.8 y AVG antivirus versiones anteriores a 19.8. Una ... • https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus-DLL-Preloading-into-PPL-and-Potential-Abuses • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16913
https://notcve.org/view.php?id=CVE-2019-16913
07 Oct 2019 — PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. PC Protect Antivirus versión v4.14.31, se instala por defecto en %PROGR... • https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation • CWE-276: Incorrect Default Permissions •