Vulnerabilities > Avast > Premium Security > 19.8.2393

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-28964 Untrusted Search Path vulnerability in Avast Premium Security 19.8.2393/20.8.2429
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
local
low complexity
avast CWE-426
7.1
7.1
2022-05-20 CVE-2022-28965 Uncontrolled Search Path Element vulnerability in Avast Premium Security 19.8.2393/20.8.2429
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
local
low complexity
avast CWE-427
6.5
6.5
2020-01-13 CVE-2019-18894 OS Command Injection vulnerability in Avast Premium Security 19.8.2393
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality.
local
low complexity
avast CWE-78
7.8
7.8