Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Antivirus
(Avast)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 30 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-04 | CVE-2024-9481 | An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. | Antivirus, Antivirus | 5.5 | ||
| 2024-10-04 | CVE-2024-9482 | An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. | Antivirus, Antivirus | 5.5 | ||
| 2024-10-04 | CVE-2024-9483 | A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. | Antivirus, Antivirus | 5.5 | ||
| 2024-10-04 | CVE-2024-9484 | An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. | Antivirus, Antivirus | 5.5 | ||
| 2024-06-10 | CVE-2024-5102 | A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can... | Antivirus | 7.0 | ||
| 2020-09-10 | CVE-2020-15024 | An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. | Antivirus | 5.5 | ||
| 2019-11-01 | CVE-2019-18653 | A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | Antivirus | 6.1 | ||
| 2023-01-10 | CVE-2022-4294 | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | Antivirus, Antivirus, Avira_security, Power_eraser | 7.8 | ||
| 2023-07-11 | CVE-2020-20118 | Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. | Antivirus | 5.5 | ||
| 2023-04-19 | CVE-2023-1585 | Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | Antivirus, Anti\-Virus | 6.3 |