Vulnerabilities > Avira

DATE CVE VULNERABILITY TITLE RISK
2020-05-08 CVE-2020-12680 Insufficiently Protected Credentials vulnerability in Avira Free Antivirus
** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials.
local
low complexity
avira CWE-522
2.1
2020-05-05 CVE-2020-12463 Improper Privilege Management vulnerability in Avira Software Updater
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links.
local
low complexity
avira CWE-269
4.6
2020-04-26 CVE-2020-12254 Link Following vulnerability in Avira Antivirus
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.
local
low complexity
avira CWE-59
4.6
2020-04-09 CVE-2020-8961 Code Injection vulnerability in Avira Free Antivirus
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825.
network
low complexity
avira CWE-94
7.5
2020-02-20 CVE-2020-9320 Unrestricted Upload of File With Dangerous Type vulnerability in Avira products
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive.
network
avira CWE-434
4.3
2020-02-12 CVE-2013-4602 Resource Exhaustion vulnerability in Avira products
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
network
avira CWE-400
7.1
2019-12-31 CVE-2019-18568 Unspecified vulnerability in Avira Free Antivirus 15.0.1907.1514
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
local
low complexity
avira
7.2
2019-10-10 CVE-2019-17449 Untrusted Search Path vulnerability in Avira Software Updater 2.0.6.17105/2.0.6.20377
** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack.
local
low complexity
avira CWE-426
4.6
2019-08-29 CVE-2019-11396 Link Following vulnerability in Avira Free Security Suite and Software Updater
An issue was discovered in Avira Free Security Suite 10.
local
low complexity
avira microsoft CWE-59
7.2
2017-07-27 CVE-2016-10402 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avira Antivirus 5.0.2003.1821/8.3.36.59
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
network
avira CWE-119
critical
9.3