VYPR

Vendor CVEs

Quickheal

All CVEs

36 total · sorted by risk
  • CVE-2017-8775CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.01

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

  • CVE-2017-8774CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.01

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

  • CVE-2017-8773CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.02

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This…

  • CVE-2017-5005CriJan 2, 2017
    risk 0.64cvss 9.8epss 0.09

    Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O…

  • CVE-2024-48292HigNov 18, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges.

  • CVE-2015-8285HigApr 20, 2017
    risk 0.52cvss 7.5epss 0.05

    The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.

  • CVE-2018-8090HigJul 25, 2018
    risk 0.51cvss 7.8epss 0.01

    Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick…

  • CVE-2017-8776HigMay 4, 2017
    risk 0.49cvss 7.5epss 0.01

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed…

  • CVE-2024-48293MedNov 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings.

  • CVE-2012-1463Mar 21, 2012
    risk 0.08cvss epss 0.94

    The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning…

  • CVE-2012-1460Mar 21, 2012
    risk 0.08cvss epss 0.95

    The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware…

  • CVE-2012-1422Mar 21, 2012
    risk 0.08cvss epss 0.94

    The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later…

  • CVE-2012-1420Mar 21, 2012
    risk 0.08cvss epss 0.97

    The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32…

  • CVE-2012-1448Mar 21, 2012
    risk 0.07cvss epss 0.89

    The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via…

  • CVE-2012-1427Mar 21, 2012
    risk 0.07cvss epss 0.88

    The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later…

  • CVE-2012-1424Mar 21, 2012
    risk 0.07cvss epss 0.87

    The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with…

  • CVE-2013-6767Dec 20, 2013
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.

  • CVE-2009-4556Jan 4, 2010
    risk 0.03cvss epss 0.01

    Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by…

  • CVE-2005-3231Oct 14, 2005
    risk 0.01cvss epss 0.14

    Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and…

  • CVE-2025-69875Feb 3, 2026
    risk 0.00cvss epss 0.00

    A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories.…

  • CVE-2023-53973Dec 22, 2025
    risk 0.00cvss epss 0.00

    Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted…

  • CVE-2024-6871Nov 22, 2024
    risk 0.00cvss epss 0.00

    G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute…

  • CVE-2024-30377Nov 22, 2024
    risk 0.00cvss epss 0.00

    G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged…

  • CVE-2024-1868Nov 22, 2024
    risk 0.00cvss epss 0.00

    G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2024-1867Nov 22, 2024
    risk 0.00cvss epss 0.00

    G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2023-27347May 3, 2024
    risk 0.00cvss epss 0.00

    G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2022-31467May 23, 2022
    risk 0.00cvss epss 0.00

    A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not…

  • CVE-2020-27587Nov 30, 2020
    risk 0.00cvss epss 0.00

    Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.

  • CVE-2020-27586Nov 30, 2020
    risk 0.00cvss epss 0.01

    Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.

  • CVE-2020-27585Nov 30, 2020
    risk 0.00cvss epss 0.00

    Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.

  • CVE-2020-9362Feb 24, 2020
    risk 0.00cvss epss 0.01

    The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and…

  • CVE-2016-10898Aug 21, 2019
    risk 0.00cvss epss 0.01

    The total-security plugin before 3.4.1 for WordPress has XSS.

  • CVE-2016-10899Aug 21, 2019
    risk 0.00cvss epss 0.01

    The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.

  • CVE-2019-9742Mar 13, 2019
    risk 0.00cvss epss 0.01

    gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended…

  • CVE-2018-18603Oct 23, 2018
    risk 0.00cvss epss 0.01

    360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related…

  • CVE-2008-5524Dec 12, 2008
    risk 0.00cvss epss 0.02

    CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt…