Vulnerabilities > Avast > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-9481 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. | 5.5 |
| 2024-10-04 | CVE-2024-9482 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. | 5.5 |
| 2024-10-04 | CVE-2024-9483 | NULL Pointer Dereference vulnerability in multiple products A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. | 5.5 |
| 2024-10-04 | CVE-2024-9484 | NULL Pointer Dereference vulnerability in multiple products An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. | 5.5 |
| 2023-07-11 | CVE-2020-20118 | Classic Buffer Overflow vulnerability in Avast Antivirus Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. | 5.5 |
| 2023-04-19 | CVE-2023-1587 | NULL Pointer Dereference vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. | 5.5 |
| 2023-04-19 | CVE-2023-1585 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. | 6.3 |
| 2023-04-19 | CVE-2023-1586 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. | 4.7 |
| 2022-05-20 | CVE-2022-28965 | Uncontrolled Search Path Element vulnerability in Avast Premium Security 19.8.2393/20.8.2429 Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. | 6.5 |
| 2021-03-29 | CVE-2021-27241 | Link Following vulnerability in Avast Premium Security 20.8.2429 This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). | 6.1 |