Filtered by vendor Avast
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9484 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | N/A | 5.5 MEDIUM |
| An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. | |||||
| CVE-2024-9483 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | N/A | 5.5 MEDIUM |
| A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. | |||||
| CVE-2024-9482 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | N/A | 5.5 MEDIUM |
| An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. | |||||
| CVE-2024-9481 | 2 Avast, Avg | 2 Antivirus, Antivirus | 2024-11-08 | N/A | 5.5 MEDIUM |
| An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. | |||||
| CVE-2024-5102 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-06-12 | N/A | 7.0 HIGH |
| A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2. | |||||
| CVE-2023-5760 | 1 Avast | 1 Avg Antivirus | 2024-02-28 | N/A | 7.0 HIGH |
| A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8. | |||||
| CVE-2020-20118 | 1 Avast | 1 Antivirus | 2024-02-28 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. | |||||
| CVE-2023-1587 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2024-02-28 | N/A | 5.5 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 | |||||
| CVE-2023-1586 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2024-02-28 | N/A | 4.7 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | |||||
| CVE-2023-1585 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2024-02-28 | N/A | 6.3 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | |||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2024-02-28 | N/A | 7.8 HIGH |
| Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2022-4173 | 1 Avast | 2 Avast, Avg Antivirus | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. | |||||
| CVE-2022-4291 | 1 Avast | 1 Script Shield | 2024-02-28 | N/A | 10.0 CRITICAL |
| The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. | |||||
| CVE-2022-28965 | 1 Avast | 1 Premium Security | 2024-02-28 | 4.4 MEDIUM | 6.5 MEDIUM |
| Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. | |||||
| CVE-2022-28964 | 1 Avast | 1 Premium Security | 2024-02-28 | 5.4 MEDIUM | 7.1 HIGH |
| An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. | |||||
| CVE-2021-45338 | 1 Avast | 1 Antivirus | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. | |||||
| CVE-2021-45335 | 1 Avast | 1 Antivirus | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | |||||
| CVE-2021-45336 | 1 Avast | 1 Antivirus | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. | |||||
| CVE-2021-45339 | 1 Avast | 1 Antivirus | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. | |||||
| CVE-2021-45337 | 1 Avast | 1 Antivirus | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. | |||||