Vulnerabilities > Avast
|2020-04-01||CVE-2020-10860|| Out-of-bounds Write vulnerability in Avast Antivirus |
An issue was discovered in Avast Antivirus before 20.
| 5.0 |
|2020-03-09||CVE-2020-8987|| Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack |
Avast AntiTrack before 126.96.36.199 and AVG Antitrack before 188.8.131.52 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate.
| 5.8 |
|2020-02-28||CVE-2020-9399|| Incorrect Authorization vulnerability in Avast products |
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive.
| 4.3 |
|2020-01-27||CVE-2019-17190|| Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101 |
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101.
| 7.2 |
|2020-01-13||CVE-2019-18894|| OS Command Injection vulnerability in Avast Premium Security 19.8.2393 |
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality.
| 9.3 |
|2020-01-13||CVE-2019-18893|| Cross-site Scripting vulnerability in multiple products |
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.
| 4.3 |
|2019-11-01||CVE-2019-18653|| Cross-site Scripting vulnerability in Avast Antivirus 19.3.2369 |
| 4.3 |
|2019-10-23||CVE-2019-17093|| Untrusted Search Path vulnerability in multiple products |
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8.
| 4.4 |
|2019-07-18||CVE-2019-11230|| Link Following vulnerability in Avast Antivirus |
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink.
| 3.6 |
|2019-03-21||CVE-2018-12572|| Cleartext Storage of Sensitive Information vulnerability in Avast Free Antivirus |
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
| 2.1 |