Vulnerabilities > Avast > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-13 CVE-2020-25289 Link Following vulnerability in Avast Secureline VPN
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
local
low complexity
avast CWE-59
5.5

2020-09-10 CVE-2020-15024 Incomplete Cleanup vulnerability in Avast Antivirus 20.1.5069.562
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562.
local
low complexity
avast CWE-459
5.5

2020-06-29 CVE-2020-13657 Unspecified vulnerability in Avast AVG Antivirus and Free Antivirus
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links.
local
low complexity
avast
5.5

2020-04-01 CVE-2020-10864 Unspecified vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
network
low complexity
avast
6.5

2020-02-28 CVE-2020-9399 Interpretation Conflict vulnerability in Avast products
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive.
local
low complexity
avast CWE-436
5.5

2020-01-13 CVE-2019-18893 Cross-site Scripting vulnerability in multiple products
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.
network
low complexity
video-downloader-project avg avast CWE-79
6.1

2019-11-01 CVE-2019-18653 Cross-site Scripting vulnerability in Avast Antivirus 19.3.2369
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
network
low complexity
avast CWE-79
6.1

2019-07-18 CVE-2019-11230 Link Following vulnerability in Avast Antivirus
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink.
local
low complexity
avast CWE-59
4.4

2017-03-21 CVE-2017-5567 Uncontrolled Search Path Element vulnerability in Avast products
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack.
local
low complexity
avast CWE-427
6.7

2016-11-03 CVE-2016-4025 7PK - Security Features vulnerability in Avast products
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
local
low complexity
avast CWE-254
5.5