Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15024 | 1 Avast | 1 Antivirus | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. | |||||
| CVE-2020-20118 | 1 Avast | 1 Antivirus | 2023-12-10 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. | |||||
| CVE-2023-1587 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2023-12-10 | N/A | 5.5 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 | |||||
| CVE-2023-1585 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2023-12-10 | N/A | 6.3 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. | |||||
| CVE-2023-1586 | 3 Avast, Avg, Microsoft | 3 Antivirus, Anti-virus, Windows | 2023-12-10 | N/A | 4.7 MEDIUM |
| Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 | |||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2023-12-10 | N/A | 7.8 HIGH |
| Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2021-45339 | 1 Avast | 1 Antivirus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. | |||||
| CVE-2021-45337 | 1 Avast | 1 Antivirus | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. | |||||
| CVE-2021-45335 | 1 Avast | 1 Antivirus | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
| Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | |||||
| CVE-2021-45338 | 1 Avast | 1 Antivirus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. | |||||
| CVE-2021-45336 | 1 Avast | 1 Antivirus | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
| Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. | |||||
| CVE-2020-10864 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process. | |||||
| CVE-2020-10867 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled. | |||||
| CVE-2020-10868 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. | |||||
| CVE-2020-10866 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC. | |||||
| CVE-2020-10860 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). | |||||
| CVE-2020-10861 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. | |||||
| CVE-2020-10865 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process. | |||||
| CVE-2020-10863 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. | |||||
| CVE-2020-10862 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. | |||||