Vulnerabilities > AVG > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-19 CVE-2023-1585 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion.
local
high complexity
avast avg CWE-367
6.3
2023-04-19 CVE-2023-1586 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation.
local
high complexity
avast avg CWE-367
4.7
2020-01-13 CVE-2019-18893 Cross-site Scripting vulnerability in multiple products
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.
4.3
2019-11-01 CVE-2019-18654 Cross-site Scripting vulnerability in AVG Anti-Virus 19.3.3084
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
network
low complexity
avg CWE-79
6.1
2019-10-23 CVE-2019-17093 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8.
local
avg avast CWE-426
4.4
2017-07-12 CVE-2017-9977 Unspecified vulnerability in AVG Anti-Virus
AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files.
network
low complexity
avg
5.0
2015-12-16 CVE-2015-8578 Permissions, Privileges, and Access Controls vulnerability in AVG Internet Security 2015
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
network
low complexity
avg CWE-264
6.4
2012-08-22 CVE-2010-3498 Permissions, Privileges, and Access Controls vulnerability in AVG Anti-Virus
AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
network
low complexity
avg CWE-264
6.4
2012-03-21 CVE-2012-1462 Permissions, Privileges, and Access Controls vulnerability in multiple products
The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning.
4.3
2012-03-21 CVE-2012-1461 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams.
4.3