CVE-2019-17103 – Get-task-allow entitlement via BDLDaemon on macOS
https://notcve.org/view.php?id=CVE-2019-17103
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el componente BDLDaemon de Bitdefender AV para Mac, permite a un atacante elevar los permisos para leer directorios protegidos. Este problema afecta: Bitdefender AV para Mac versiones anteriores a 8.0.0. • https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448 • CWE-276: Incorrect Default Permissions •
CVE-2019-19695
https://notcve.org/view.php?id=CVE-2019-19695
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. Una vulnerabilidad de escalada de privilegios en Trend Micro Antivirus para Mac 2019 (versión v9.0.1379 y por debajo), podría permitir a un atacante crear un enlace simbólico a un archivo de destino y modificarlo. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124055.aspx • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-18653
https://notcve.org/view.php?id=CVE-2019-18653
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. Se presenta un problema de tipo Cross Site Scripting (XSS) en Avast AntiVirus (Free, Internet Security y Premiere Edition) versión 19.3.2369 build 19.3.4241.440, en la ventana emergente de notificación de red, permitiendo a un atacante ejecutar código JavaScript por medio de un nombre SSID. • http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop https://medium.com/%40YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17093
https://notcve.org/view.php?id=CVE-2019-17093
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. Se detectó un problema en Avast antivirus versiones anteriores a 19.8 y AVG antivirus versiones anteriores a 19.8. Una vulnerabilidad de Precarga de DLL permite a un atacante implantar una biblioteca %WINDIR%\system32\wbemcomn.dll, que se carga en un proceso protected-light (PPL) y puede omitir algunos de los mecanismos de autodefensa. • https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus-DLL-Preloading-into-PPL-and-Potential-Abuses https://safebreach.com/blog • CWE-427: Uncontrolled Search Path Element •
CVE-2019-16913
https://notcve.org/view.php?id=CVE-2019-16913
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. PC Protect Antivirus versión v4.14.31, se instala por defecto en %PROGRAMFILES(X86)%\PCProtect con permisos de carpeta muy débiles, otorgando a cualquier usuario permiso completo "Everyone: (F)" para el contenido del directorio y sus subcarpetas. Además, el programa instala un servicio llamado SecurityService que es ejecutado como LocalSystem. • https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation • CWE-276: Incorrect Default Permissions •