VYPR

Avg Antivirus

by Avast\!

CVEs (27)

  • CVE-2024-5803HigOct 3, 2024
    risk 0.49cvss 7.5epss 0.00

    The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled.

  • CVE-2024-9484Oct 4, 2024
    risk 0.00cvss epss 0.00

    An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.

  • CVE-2024-9481Oct 4, 2024
    risk 0.00cvss epss 0.00

    An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.

  • CVE-2024-5102Jun 10, 2024
    risk 0.00cvss epss 0.00

    A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair)…

  • CVE-2023-5760Nov 8, 2023
    risk 0.00cvss epss 0.00

    A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue…

  • CVE-2023-1587Apr 19, 2023
    risk 0.00cvss epss 0.00

    Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11

  • CVE-2023-1586Apr 19, 2023
    risk 0.00cvss epss 0.00

    Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11

  • CVE-2023-1585Apr 19, 2023
    risk 0.00cvss epss 0.00

    Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14…

  • CVE-2022-4173Dec 5, 2022
    risk 0.00cvss epss 0.01

    A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.

  • CVE-2021-45336Dec 27, 2021
    risk 0.00cvss epss 0.00

    Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.

  • CVE-2021-45335Dec 27, 2021
    risk 0.00cvss epss 0.00

    Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

  • CVE-2020-10866Apr 1, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.

  • CVE-2020-10865Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

  • CVE-2020-10864Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.

  • CVE-2020-10863Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.

  • CVE-2020-10861Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.

  • CVE-2020-10860Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).

  • CVE-2019-17093Oct 23, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense…

  • CVE-2008-3373Jul 30, 2008
    risk 0.00cvss epss 0.03

    The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

  • CVE-2007-3777Jul 15, 2007
    risk 0.00cvss epss 0.00

    avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL…

Page 1 of 2