Vulnerabilities > Avast > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2020-10862 | Unspecified vulnerability in Avast Antivirus An issue was discovered in Avast Antivirus before 20. | 7.8 |
| 2020-04-01 | CVE-2020-10861 | Unspecified vulnerability in Avast Antivirus An issue was discovered in Avast Antivirus before 20. | 7.5 |
| 2020-04-01 | CVE-2020-10860 | Out-of-bounds Write vulnerability in Avast Antivirus An issue was discovered in Avast Antivirus before 20. | 7.5 |
| 2020-03-09 | CVE-2020-8987 | Improper Certificate Validation vulnerability in Avast Antitrack and AVG Antitrack Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. | 7.4 |
| 2020-01-27 | CVE-2019-17190 | Incorrect Authorization vulnerability in Avast Secure Browser 76.0.1659.101 A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. | 7.8 |
| 2020-01-13 | CVE-2019-18894 | OS Command Injection vulnerability in Avast Premium Security 19.8.2393 In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. | 7.8 |
| 2019-10-23 | CVE-2019-17093 | Uncontrolled Search Path Element vulnerability in multiple products An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. | 7.8 |
| 2019-03-21 | CVE-2018-12572 | Cleartext Storage of Sensitive Information vulnerability in Avast Free Antivirus Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. | 7.8 |
| 2017-04-27 | CVE-2017-8308 | Improper Privilege Management vulnerability in Avast Antivirus In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. | 7.5 |
| 2016-04-13 | CVE-2015-8620 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Avast products Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. | 7.8 |