CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10862
https://notcve.org/view.php?id=CVE-2020-10862
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes lograr una Escalada de Privilegios Local (LPE) por medio de una RPC. • https://forum.avast.com/index.php?topic=232420.0 https://forum.avast.com/index.php?topic=232423.0 https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10861
https://notcve.org/view.php?id=CVE-2020-10861
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes lograr una Eliminación de Archivos Arbitrarios de Avast Program Path por medio de una RPC, cuando Self Defense está Habilitada. • https://forum.avast.com/index.php?topic=232420.0 https://forum.avast.com/index.php?topic=232423.0 https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10860
https://notcve.org/view.php?id=CVE-2020-10860
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). Se detectó un problema en Avast Antivirus versiones anteriores a 20. Una vulnerabilidad de Sobrescritura de Dirección de Memoria Arbitraria en la aswAvLog Log Library que resulta en una Denegación de Servicio del Avast Service (AvastSvc.exe). • https://forum.avast.com/index.php?topic=232420.0 https://forum.avast.com/index.php?topic=232423.0 https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8093 – Code Injection into Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8093
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution Una vulnerabilidad en el binario AntivirusforMac como es usado en Bitdefender Antivirus para Mac, le permite a un atacante inyectar una biblioteca usando la variable de entorno DYLD para causar una ejecución de código de terceros. • https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8092 – Privilege escalation in Bitdefender AV for Mac
https://notcve.org/view.php?id=CVE-2020-8092
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. Una vulnerabilidad de escalada de privilegios en BDLDaemon como es usado en Bitdefender Antivirus para Mac, permite a un atacante local obtener tokens de autenticación para peticiones enviadas hacia Bitdefender Cloud. Este problema afecta a: Bitdefender Bitdefender Antivirus para Mac versiones anteriores a 8.0.0. • https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-av-for-mac-va-3499 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •