cbcvebase.

Avast Antivirus vulnerabilities

33 known vulnerabilities affecting avast/antivirus.

Total CVEs
33
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH18MEDIUM12

Vulnerabilities

Page 1 of 2
CVE-2025-3500P3CRITICALCVSS 9.8≥ 25.1.981.6, < 25.32025-12-01
CVE-2025-3500 [CRITICAL] CWE-190 CVE-2025-3500: Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privi Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.
nvd
CVE-2020-10867P3CRITICALCVSS 9.8fixed in 20.02020-04-01
CVE-2020-10867 [CRITICAL] CWE-668 CVE-2020-10867: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.
nvd
CVE-2017-8307P3CRITICALCVSS 9.8≤ 12.3.22792017-04-27
CVE-2017-8307 [CRITICAL] CVE-2017-8307: In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows servi In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-De
nvd
CVE-2021-45336P3HIGHCVSS 8.8fixed in 20.42021-12-27
CVE-2021-45336 [HIGH] CVE-2021-45336: Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.
nvd
CVE-2021-45337P3HIGHCVSS 8.8fixed in 20.82021-12-27
CVE-2021-45337 [HIGH] CVE-2021-45337: Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allow Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.
nvd
CVE-2021-45335P3HIGHCVSS 8.8fixed in 20.42021-12-27
CVE-2021-45335 [HIGH] CWE-276 CVE-2021-45335: Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
nvd
CVE-2021-45338P3HIGHCVSS 7.8fixed in 20.42021-12-27
CVE-2021-45338 [HIGH] CVE-2021-45338: Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
nvd
CVE-2025-13032P3HIGHCVSS 7.8fixed in 25.32025-11-11
CVE-2025-13032 [HIGH] CWE-367 CVE-2025-13032: Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow.
nvd
CVE-2020-10861P3HIGHCVSS 7.5fixed in 20.02020-04-01
CVE-2020-10861 [HIGH] CVE-2020-10861: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.
nvd
CVE-2020-10865P3HIGHCVSS 7.5fixed in 20.02020-04-01
CVE-2020-10865 [HIGH] CWE-829 CVE-2020-10865: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.
nvd
CVE-2020-10866P3HIGHCVSS 7.5fixed in 20.02020-04-01
CVE-2020-10866 [HIGH] CWE-326 CVE-2020-10866: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.
nvd
CVE-2021-45339P3HIGHCVSS 7.8fixed in 20.42021-12-27
CVE-2021-45339 [HIGH] CWE-863 CVE-2021-45339: Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elev Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.
nvd
CVE-2020-10868P3HIGHCVSS 7.5fixed in 20.02020-04-01
CVE-2020-10868 [HIGH] CVE-2020-10868: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.
nvd
CVE-2022-4294P3HIGHCVSS 7.8fixed in 22.102023-01-10
CVE-2022-4294 [HIGH] CWE-269 CVE-2022-4294: Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vuln Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
nvd
CVE-2020-10863P3HIGHCVSS 7.5fixed in 20.02020-04-01
CVE-2020-10863 [HIGH] CVE-2020-10863: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.
nvd
CVE-2017-8308P3HIGHCVSS 7.5≤ 12.3.22792017-04-27
CVE-2017-8308 [HIGH] CWE-269 CVE-2017-8308: In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitr In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.
nvd
CVE-2025-7007P3HIGHCVSS 7.5v16.0.02025-12-01
CVE-2025-7007 [HIGH] CWE-476 CVE-2025-7007: NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when sc NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed Windows PE file causes the antivirus process to crash.This issue affects Antivirus: 16.0.0; Anitvirus: 3.0.3.
nvd
CVE-2020-10860P3HIGHCVSS 7.5fixed in 20.02020-04-01
CVE-2020-10860 [HIGH] CWE-787 CVE-2020-10860: An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerab An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).
nvd
CVE-2020-10862P3HIGHCVSS 7.8fixed in 20.02020-04-01
CVE-2020-10862 [HIGH] CVE-2020-10862: An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.
nvd
CVE-2019-17093P4HIGHCVSS 7.8fixed in 19.82019-10-23
CVE-2019-17093 [HIGH] CWE-427 CVE-2019-17093: An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloadi An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.454
nvd
Avast Antivirus vulnerabilities | cvebase