CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14242
https://notcve.org/view.php?id=CVE-2019-14242
30 Jul 2019 — An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. Se detectó un problema en los productos de Bitdefender para Windows ... • https://www.bitdefender.com/support/security-advisories/code-injection-bitdefender-products-windows • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
25 Jul 2019 — Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Comodo Antivirus hasta la versión 12.0.0.6870, Comodo Firewall hasta la versión 12.0.0.6870, y Comodo Internet Security Premium hasta la versión 12.0.0.6870, con la característica Comodo Container, son vulnerables a un escape del Sandbox. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8286
https://notcve.org/view.php?id=CVE-2019-8286
18 Jul 2019 — Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 La divulgación de información en Kaspersky Anti-Virus, Kaspersky Internet Security, las versiones de Kaspersky Total Security hasta 2019 podrían revelar una identificación de producto única al obligar a l... • http://www.securityfocus.com/bid/109300 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-11644
https://notcve.org/view.php?id=CVE-2019-11644
17 May 2019 — In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process th... • https://www.f-secure.com/en/web/labs_global/fsc-2019-2 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2018-18333
https://notcve.org/view.php?id=CVE-2018-18333
05 Feb 2019 — A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. Una vulnerabilidad de secuestro de DLL en Trend Micro Security 2019 (Consumer), en versiones anteriores a la 15.0.0.1163, podría permitir a un atacante manipular un DLL específico y escalar privilegios en instalaciones vulnerables. • https://github.com/mrx04programmer/Dr.DLL-CVE-2018-18333 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15363 – Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-15363
30 Aug 2018 — An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de lectura fuera de límites y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instal... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10514
30 Aug 2018 — A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instala... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10513 – Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10513
30 Aug 2018 — A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de deserialización de datos no fiables y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local esc... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 1CVE-2018-3608
https://notcve.org/view.php?id=CVE-2018-3608
06 Jul 2018 — A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. Una vulnerabilidad en el controlador UMH (User-Mode Hooking) en Trend Micro Maximum Security (Consumer) 2018 (en versiones 12.0.1191 y anteriores) podría permitir que un atacante cree un paquete especialmente man... • https://github.com/gguaiker/Trend_Micro_POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6236 – Trend Micro Maximum Security tmusa Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6236
04 May 2018 — A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por TOCTOU (Time-of-Check Time-of-Use) en Trend Micro Maximum Security... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •