VYPR

Vendor CVEs

Avast\!

All CVEs

106 total · sorted by risk
  • CVE-2021-34998Jan 13, 2022
    risk 0.00cvss epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2021-45339Dec 27, 2021
    risk 0.00cvss epss 0.00

    Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.

  • CVE-2021-45338Dec 27, 2021
    risk 0.00cvss epss 0.00

    Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3)…

  • CVE-2021-45337Dec 27, 2021
    risk 0.00cvss epss 0.00

    Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.

  • CVE-2021-45336Dec 27, 2021
    risk 0.00cvss epss 0.00

    Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.

  • CVE-2021-45335Dec 27, 2021
    risk 0.00cvss epss 0.00

    Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.

  • CVE-2020-23907Apr 21, 2021
    risk 0.00cvss epss 0.03

    An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution.

  • CVE-2021-27241Mar 29, 2021
    risk 0.00cvss epss 0.00

    This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2020-25289Sep 13, 2020
    risk 0.00cvss epss 0.00

    The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).

  • CVE-2020-15024Sep 10, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.

  • CVE-2020-13657Jun 29, 2020
    risk 0.00cvss epss 0.00

    An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.

  • CVE-2020-10868Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.

  • CVE-2020-10867Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.

  • CVE-2020-10866Apr 1, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.

  • CVE-2020-10865Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

  • CVE-2020-10864Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.

  • CVE-2020-10863Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.

  • CVE-2020-10862Apr 1, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.

  • CVE-2020-10861Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.

  • CVE-2020-10860Apr 1, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).

  • CVE-2020-8987Mar 9, 2020
    risk 0.00cvss epss 0.01

    Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using…

  • CVE-2020-10180Mar 5, 2020
    risk 0.00cvss epss 0.02

    The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for…

  • CVE-2020-9399Feb 28, 2020
    risk 0.00cvss epss 0.01

    The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.

  • CVE-2020-9362Feb 24, 2020
    risk 0.00cvss epss 0.01

    The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and…

  • CVE-2020-9264Feb 18, 2020
    risk 0.00cvss epss 0.01

    ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security…

  • CVE-2019-17190Jan 27, 2020
    risk 0.00cvss epss 0.01

    A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update…

  • CVE-2019-18653Nov 1, 2019
    risk 0.00cvss epss 0.01

    A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.

  • CVE-2019-17093Oct 23, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense…

  • CVE-2019-11230Jul 18, 2019
    risk 0.00cvss epss 0.01

    In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be…

  • CVE-2018-12572Mar 17, 2019
    risk 0.00cvss epss 0.00

    Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

  • CVE-2015-5662Oct 18, 2015
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.

  • CVE-2013-0122Apr 22, 2013
    risk 0.00cvss epss 0.00

    The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.

  • CVE-2010-5151Aug 25, 2012
    risk 0.00cvss epss 0.00

    Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory…

  • CVE-2009-3524Oct 1, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.

  • CVE-2008-6846Jul 2, 2009
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.

  • CVE-2008-5523Dec 12, 2008
    risk 0.00cvss epss 0.03

    avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…

  • CVE-2008-3373Jul 30, 2008
    risk 0.00cvss epss 0.03

    The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

  • CVE-2007-6265Dec 7, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.

  • CVE-2007-3777Jul 15, 2007
    risk 0.00cvss epss 0.00

    avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL…

  • CVE-2007-1673May 9, 2007
    risk 0.00cvss epss 0.03

    unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

  • CVE-2007-1672May 9, 2007
    risk 0.00cvss epss 0.03

    avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

  • CVE-2007-0829Feb 7, 2007
    risk 0.00cvss epss 0.00

    avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.

  • CVE-2006-5939Nov 16, 2006
    risk 0.00cvss epss 0.03

    Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information.

  • CVE-2006-5938Nov 16, 2006
    risk 0.00cvss epss 0.02

    Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.

  • CVE-2006-5937Nov 16, 2006
    risk 0.00cvss epss 0.04

    Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

  • CVE-2006-5940Nov 16, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files.

  • CVE-2006-2869Jun 6, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors.

  • CVE-2006-1892Apr 20, 2006
    risk 0.00cvss epss 0.00

    avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory.

  • CVE-2006-1355Mar 22, 2006
    risk 0.00cvss epss 0.00

    avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.

  • CVE-2006-1125Mar 9, 2006
    risk 0.00cvss epss 0.00

    Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges.