Vulnerabilities > Avast
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-10 | CVE-2024-5102 | Link Following vulnerability in Avast Antivirus A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. | 7.0 |
| 2023-11-08 | CVE-2023-5760 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Avast AVG Antivirus 23.8 A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. | 7.0 |
| 2023-07-11 | CVE-2020-20118 | Classic Buffer Overflow vulnerability in Avast Antivirus Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. | 5.5 |
| 2023-04-19 | CVE-2023-1587 | NULL Pointer Dereference vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. | 5.5 |
| 2023-04-19 | CVE-2023-1585 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. | 6.3 |
| 2023-04-19 | CVE-2023-1586 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. | 4.7 |
| 2023-01-10 | CVE-2022-4294 | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
| 2022-12-08 | CVE-2022-4291 | Out-of-bounds Write vulnerability in Avast Script Shield The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. | 10.0 |
| 2022-12-06 | CVE-2022-4173 | Improper Privilege Management vulnerability in Avast and AVG Antivirus A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. | 8.8 |
| 2022-05-20 | CVE-2022-28964 | Untrusted Search Path vulnerability in Avast Premium Security 19.8.2393/20.8.2429 An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. | 7.1 |