VYPR
Vendor

Avira

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

Founded 1986
Products
21
CVEs
76
Across products
99
Status
Private

Products

21

Recent CVEs

76
View all 76 CVEs →
  • CVE-2014-125118CriJul 25, 2025
    risk 0.69cvss epss 0.03

    A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary…

  • CVE-2025-69828CriJan 22, 2026
    risk 0.65cvss 10.0epss 0.00

    File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit

  • CVE-2016-10402HigJul 27, 2017
    risk 0.52cvss 7.8epss 0.10

    Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.

  • CVE-2025-9033HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2025-7002HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2026-27914HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.03

    Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27750HigMar 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without…

  • CVE-2026-27749HigMar 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET…

  • CVE-2026-27748HigMar 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\ProgramData without validating whether the path resolves through a symbolic…

  • CVE-2018-5220HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

  • CVE-2018-5219HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

  • CVE-2018-5218HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

  • CVE-2018-5088HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

  • CVE-2018-5086HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

  • CVE-2018-5085HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

  • CVE-2018-5082HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

  • CVE-2018-5081HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

  • CVE-2018-5080HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

  • CVE-2015-7732HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.01

    The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.

  • CVE-2017-6417MedMar 21, 2017
    risk 0.44cvss 6.7epss 0.01

    Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject…