Vulnerabilities > Avast

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-10863 Unspecified vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
network
low complexity
avast
7.5
7.5
2020-04-01 CVE-2020-10862 Unspecified vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
local
low complexity
avast
7.8
7.8
2020-04-01 CVE-2020-10861 Unspecified vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
network
low complexity
avast
7.5
7.5
2020-04-01 CVE-2020-10860 Out-of-bounds Write vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
network
low complexity
avast CWE-787
7.5
7.5
2020-03-09 CVE-2020-8987 Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate.
network
high complexity
avast CWE-295
7.4
7.4
2020-02-28 CVE-2020-9399 Interpretation Conflict vulnerability in Avast products
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive.
local
low complexity
avast CWE-436
5.5
5.5
2020-01-27 CVE-2019-17190 Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101.
local
low complexity
avast CWE-863
7.8
7.8
2020-01-13 CVE-2019-18894 OS Command Injection vulnerability in Avast Premium Security 19.8.2393
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality.
local
low complexity
avast CWE-78
7.8
7.8
2020-01-13 CVE-2019-18893 Cross-site Scripting vulnerability in multiple products
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.
network
low complexity
video-downloader-project avg avast CWE-79
6.1
6.1
2019-11-01 CVE-2019-18653 Cross-site Scripting vulnerability in Avast Antivirus 19.3.2369
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
network
low complexity
avast CWE-79
6.1
6.1