Vulnerabilities > Avast

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-10860 Out-of-bounds Write vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
network
low complexity
avast CWE-787
5.0
2020-03-09 CVE-2020-8987 Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate.
network
avast CWE-295
5.8
2020-02-28 CVE-2020-9399 Incorrect Authorization vulnerability in Avast products
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive.
network
avast CWE-863
4.3
2020-01-27 CVE-2019-17190 Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101.
local
low complexity
avast CWE-863
7.2
2020-01-13 CVE-2019-18894 OS Command Injection vulnerability in Avast Premium Security 19.8.2393
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality.
network
avast CWE-78
critical
9.3
2020-01-13 CVE-2019-18893 Cross-site Scripting vulnerability in multiple products
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.
4.3
2019-11-01 CVE-2019-18653 Cross-site Scripting vulnerability in Avast Antivirus 19.3.2369
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
network
avast CWE-79
4.3
2019-10-23 CVE-2019-17093 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8.
local
avg avast CWE-426
4.4
2019-07-18 CVE-2019-11230 Link Following vulnerability in Avast Antivirus
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink.
local
low complexity
avast CWE-59
3.6
2019-03-21 CVE-2018-12572 Cleartext Storage of Sensitive Information vulnerability in Avast Free Antivirus
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
local
low complexity
avast CWE-312
2.1