Avast Antivirus vulnerabilities
33 known vulnerabilities affecting avast/antivirus.
Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 18, MEDIUM 12
Vulnerabilities
Page 2 of 2
CVE-2024-5102 | P4 | HIGH | CVSS 7.0 | CWE-1284 | fixed in 24.2 | v24.2 | 2024-06-10
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow use
A sym-linked file accessed via the repair function in Avast Antivirus troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Eleva
nvd
CVE-2023-1585 | P4 | MEDIUM | CVSS 6.3 | CWE-367 | ≥ 22.5, < 22.11 | 2023-04-19
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.
nvd
CVE-2020-10864 | P4 | MEDIUM | CVSS 6.5 | fixed in 20.0 | 2020-04-01
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.
nvd
CVE-2019-18653 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v19.3.2369 | 2019-11-01
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
nvd
CVE-2020-15024 | P4 | MEDIUM | CVSS 5.5 | CWE-212 | v20.1.5069.562 | 2020-09-10
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.
nvd
CVE-2019-11230 | P4 | MEDIUM | CVSS 4.4 | CWE-59 | fixed in 19.4 | 2019-07-18
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing t
nvd
CVE-2024-9481 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 24092400 | 2024-10-04
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS allows a malformed eml file to crash the application during file processing.
nvd
CVE-2024-9482 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 24092400 | 2024-10-04
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS allows a malformed Mach-O file to crash the application during file processing.
nvd
CVE-2023-1586 | P4 | MEDIUM | CVSS 4.7 | CWE-367 | ≥ 22.5, < 22.11 | 2023-04-19
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process, leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11.
nvd
CVE-2020-20118 | P4 | MEDIUM | CVSS 5.5 | CWE-120 | fixed in 19.7 | 2023-07-11
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
nvd
CVE-2023-1587 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ 22.5, < 22.11 | 2023-04-19
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via the RPC interface. The issue was fixed with Avast and AVG Antivirus version 22.11.
nvd
CVE-2024-9484 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | fixed in 24092400 | 2024-10-04
A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS allows a malformed xar file to crash the application during file processing.
nvd
CVE-2024-9483 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | fixed in 24092400 | 2024-10-04
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS may allow a malformed xar file to crash the application during processing.
nvd