Vulnerabilities > Avast
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-19 | CVE-2023-1585 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. | 6.3 |
| 2023-04-19 | CVE-2023-1586 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. | 4.7 |
| 2023-01-10 | CVE-2022-4294 | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
| 2022-12-08 | CVE-2022-4291 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avast Script Shield The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. | 10.0 |
| 2022-12-06 | CVE-2022-4173 | Improper Privilege Management vulnerability in Avast and AVG Antivirus A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. | 8.8 |
| 2022-05-20 | CVE-2022-28964 | Untrusted Search Path vulnerability in Avast Premium Security 19.8.2393/20.8.2429 An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. | 5.4 |
| 2022-05-20 | CVE-2022-28965 | Unspecified vulnerability in Avast Premium Security 19.8.2393/20.8.2429 Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. local avast | 4.4 |
| 2021-12-27 | CVE-2021-45335 | Incorrect Default Permissions vulnerability in Avast Antivirus Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | 7.2 |
| 2021-12-27 | CVE-2021-45336 | Unspecified vulnerability in Avast Antivirus Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges. | 7.2 |
| 2021-12-27 | CVE-2021-45337 | Unspecified vulnerability in Avast Antivirus Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection. | 7.2 |