Vulnerabilities > Avast > Premium Security

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-28964 Untrusted Search Path vulnerability in Avast Premium Security 19.8.2393/20.8.2429
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
local
avast CWE-426
5.4
2022-05-20 CVE-2022-28965 Uncontrolled Search Path Element vulnerability in Avast Premium Security 19.8.2393/20.8.2429
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
local
low complexity
avast CWE-427
6.5
2021-03-29 CVE-2021-27241 Link Following vulnerability in Avast Premium Security 20.8.2429
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561).
local
low complexity
avast CWE-59
3.6
2020-01-13 CVE-2019-18894 OS Command Injection vulnerability in Avast Premium Security 19.8.2393
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality.
network
avast CWE-78
critical
9.3