Vulnerabilities > Avast

DATE CVE VULNERABILITY TITLE RISK
2021-12-27 CVE-2021-45335 Incorrect Default Permissions vulnerability in Avast Antivirus
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
local
low complexity
avast CWE-276
7.2
2021-12-27 CVE-2021-45336 Improper Privilege Management vulnerability in Avast Antivirus
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.
local
low complexity
avast CWE-269
7.2
2021-12-27 CVE-2021-45337 Improper Privilege Management vulnerability in Avast Antivirus
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.
local
low complexity
avast CWE-269
7.2
2021-12-27 CVE-2021-45338 Improper Privilege Management vulnerability in Avast Antivirus
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
local
low complexity
avast CWE-269
7.2
2021-12-27 CVE-2021-45339 Improper Privilege Management vulnerability in Avast Antivirus
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.
local
low complexity
avast CWE-269
7.2
2021-04-21 CVE-2020-23907 Out-of-bounds Write vulnerability in Avast Retdec 3.3
An issue was discovered in retdec v3.3.
network
low complexity
avast CWE-787
7.5
2021-03-29 CVE-2021-27241 Link Following vulnerability in Avast Premium Security 20.8.2429
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561).
local
low complexity
avast CWE-59
3.6
2020-09-13 CVE-2020-25289 Link Following vulnerability in Avast Secureline VPN
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
local
low complexity
avast CWE-59
2.1
2020-09-10 CVE-2020-15024 Insufficiently Protected Credentials vulnerability in Avast Antivirus 20.1.5069.562
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562.
local
low complexity
avast CWE-522
2.1
2020-06-29 CVE-2020-13657 Improper Privilege Management vulnerability in Avast AVG Antivirus and Free Antivirus
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links.
local
low complexity
avast CWE-269
2.1