Vulnerabilities > Avast > Antivirus

DATE CVE VULNERABILITY TITLE RISK
2024-10-04 CVE-2024-9481 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
local
low complexity
avg avast CWE-787
5.5
2024-10-04 CVE-2024-9482 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
local
low complexity
avg avast CWE-787
5.5
2024-10-04 CVE-2024-9483 NULL Pointer Dereference vulnerability in multiple products
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
local
low complexity
avg avast CWE-476
5.5
2024-10-04 CVE-2024-9484 NULL Pointer Dereference vulnerability in multiple products
An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
local
low complexity
avg avast CWE-476
5.5
2024-06-10 CVE-2024-5102 Link Following vulnerability in Avast Antivirus
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM.
local
high complexity
avast CWE-59
7.0
2023-07-11 CVE-2020-20118 Classic Buffer Overflow vulnerability in Avast Antivirus
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
local
low complexity
avast CWE-120
5.5
2023-04-19 CVE-2023-1587 NULL Pointer Dereference vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface.
local
low complexity
avast avg CWE-476
5.5
2023-04-19 CVE-2023-1585 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion.
local
high complexity
avast avg CWE-367
6.3
2023-04-19 CVE-2023-1586 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation.
local
high complexity
avast avg CWE-367
4.7
2023-01-10 CVE-2022-4294 Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
avira norton avast avg
7.8