Vulnerabilities > Avast > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2024-7228 Link Following vulnerability in Avast Free Antivirus 23.11.6090
Avast Free Antivirus Link Following Denial-of-Service Vulnerability.
local
low complexity
avast CWE-59
5.5
2024-10-04 CVE-2024-9481 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
local
low complexity
avg avast CWE-787
5.5
2024-10-04 CVE-2024-9482 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
local
low complexity
avg avast CWE-787
5.5
2024-10-04 CVE-2024-9483 NULL Pointer Dereference vulnerability in multiple products
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
local
low complexity
avg avast CWE-476
5.5
2024-10-04 CVE-2024-9484 NULL Pointer Dereference vulnerability in multiple products
An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
local
low complexity
avg avast CWE-476
5.5
2023-07-11 CVE-2020-20118 Classic Buffer Overflow vulnerability in Avast Antivirus
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
local
low complexity
avast CWE-120
5.5
2023-04-19 CVE-2023-1587 NULL Pointer Dereference vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface.
local
low complexity
avast avg CWE-476
5.5
2023-04-19 CVE-2023-1585 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion.
local
high complexity
avast avg CWE-367
6.3
2023-04-19 CVE-2023-1586 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation.
local
high complexity
avast avg CWE-367
4.7
2022-05-20 CVE-2022-28965 Uncontrolled Search Path Element vulnerability in Avast Premium Security 19.8.2393/20.8.2429
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
local
low complexity
avast CWE-427
6.5