VYPR

Vendor CVEs

Avira

All CVEs

76 total · sorted by risk
  • CVE-2014-125118CriJul 25, 2025
    risk 0.69cvss epss 0.03

    A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary…

  • CVE-2025-69828CriJan 22, 2026
    risk 0.65cvss 10.0epss 0.00

    File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit

  • CVE-2016-10402HigJul 27, 2017
    risk 0.52cvss 7.8epss 0.10

    Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.

  • CVE-2025-9033HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2025-7002HigJun 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2026-27914HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.03

    Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27750HigMar 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without…

  • CVE-2026-27749HigMar 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET…

  • CVE-2026-27748HigMar 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\ProgramData without validating whether the path resolves through a symbolic…

  • CVE-2018-5220HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

  • CVE-2018-5219HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

  • CVE-2018-5218HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

  • CVE-2018-5088HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

  • CVE-2018-5086HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

  • CVE-2018-5085HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

  • CVE-2018-5082HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

  • CVE-2018-5081HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

  • CVE-2018-5080HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

  • CVE-2015-7732HigJun 15, 2017
    risk 0.49cvss 7.5epss 0.01

    The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.

  • CVE-2017-6417MedMar 21, 2017
    risk 0.44cvss 6.7epss 0.01

    Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject…

  • CVE-2010-5153MedAug 25, 2012
    risk 0.35cvss 5.3epss 0.01

    Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space…

  • CVE-2024-51324LowFeb 11, 2025
    risk 0.25cvss 3.8epss 0.00

    An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.

  • CVE-2012-1459Mar 21, 2012
    risk 0.08cvss epss 1.00

    The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus…

  • CVE-2012-1457Mar 21, 2012
    risk 0.08cvss epss 0.98

    The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1,…

  • CVE-2012-1443Mar 21, 2012
    risk 0.08cvss epss 1.00

    The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft…

  • CVE-2012-1425Mar 21, 2012
    risk 0.07cvss epss 0.93

    The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky…

  • CVE-2015-7303Sep 21, 2015
    risk 0.03cvss epss 0.35

    Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.

  • CVE-2007-2974Jun 1, 2007
    risk 0.01cvss epss 0.08

    Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."

  • CVE-2025-69612Jan 22, 2026
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing…

  • CVE-2020-36909Jan 6, 2026
    risk 0.00cvss epss 0.01

    SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to…

  • CVE-2020-36908Jan 6, 2026
    risk 0.00cvss epss 0.00

    SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user…

  • CVE-2024-23440Feb 13, 2024
    risk 0.00cvss epss 0.00

    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.

  • CVE-2024-23439Feb 13, 2024
    risk 0.00cvss epss 0.00

    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.

  • CVE-2023-36673Aug 9, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN…

  • CVE-2023-35077Jul 21, 2023
    risk 0.00cvss epss 0.01

    An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

  • CVE-2023-1900Apr 19, 2023
    risk 0.00cvss epss 0.00

    A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. Issue was fixed with Endpointprotection.exe version 1.0.2303.633

  • CVE-2023-1631Mar 25, 2023
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a…

  • CVE-2023-1630Mar 25, 2023
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is…

  • CVE-2023-1629Mar 25, 2023
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached…

  • CVE-2023-1628Mar 25, 2023
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached…

  • CVE-2023-1626Mar 25, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a…

  • CVE-2022-4429Jan 10, 2023
    risk 0.00cvss epss 0.00

    Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78

  • CVE-2022-38582Nov 4, 2022
    risk 0.00cvss epss 0.01

    Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files.

  • CVE-2022-3368Oct 17, 2022
    risk 0.00cvss epss 0.01

    A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

  • CVE-2018-16719Nov 23, 2020
    risk 0.00cvss epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.

  • CVE-2018-16720Nov 23, 2020
    risk 0.00cvss epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.

  • CVE-2018-16721Nov 23, 2020
    risk 0.00cvss epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

  • CVE-2018-16723Nov 23, 2020
    risk 0.00cvss epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.

  • CVE-2020-13183Aug 17, 2020
    risk 0.00cvss epss 0.01

    Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload.

  • CVE-2020-13174Aug 11, 2020
    risk 0.00cvss epss 0.01

    The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.

Page 1 of 2