Vulnerabilities > Avast
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2019-17190 | Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101 A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. | 7.8 |
| 2020-01-13 | CVE-2019-18894 | OS Command Injection vulnerability in Avast Premium Security 19.8.2393 In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. | 9.3 |
| 2020-01-13 | CVE-2019-18893 | Cross-site Scripting vulnerability in multiple products XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. | 4.3 |
| 2019-11-01 | CVE-2019-18653 | Cross-site Scripting vulnerability in Avast Antivirus 19.3.2369 A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | 6.1 |
| 2019-10-23 | CVE-2019-17093 | Untrusted Search Path vulnerability in multiple products An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. | 4.4 |
| 2019-07-18 | CVE-2019-11230 | Link Following vulnerability in Avast Antivirus In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. | 3.6 |
| 2019-03-21 | CVE-2018-12572 | Cleartext Storage of Sensitive Information vulnerability in Avast Free Antivirus Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | 2.1 |
| 2017-04-27 | CVE-2017-8308 | Improper Privilege Management vulnerability in Avast Antivirus In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. | 5.0 |
| 2017-04-27 | CVE-2017-8307 | Arbitrary File Deletion vulnerability in Avast! Antivirus In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. | 7.5 |
| 2017-03-21 | CVE-2017-5567 | Uncontrolled Search Path Element vulnerability in Avast products Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. | 7.2 |