Vulnerabilities > Avira > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-36673 Cleartext Transmission of Sensitive Information vulnerability in Avira Phantom VPN 2.23.1
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS.
low complexity
avira CWE-319
7.3
2023-01-10 CVE-2022-4294 Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
local
low complexity
avira norton avast avg
7.8
2022-10-17 CVE-2022-3368 Unspecified vulnerability in Avira Security 1.1.71.30554
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios.
network
low complexity
avira
8.8
2020-04-09 CVE-2020-8961 Code Injection vulnerability in Avira Free Antivirus
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825.
network
low complexity
avira CWE-94
7.5
2020-02-12 CVE-2013-4602 Resource Exhaustion vulnerability in Avira products
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
network
avira CWE-400
7.1
2019-12-31 CVE-2019-18568 Unspecified vulnerability in Avira Free Antivirus 15.0.1907.1514
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
local
low complexity
avira
7.2
2019-08-29 CVE-2019-11396 Link Following vulnerability in Avira Free Security Suite and Software Updater
An issue was discovered in Avira Free Security Suite 10.
local
low complexity
avira microsoft CWE-59
7.2
2017-03-21 CVE-2017-6417 Uncontrolled Search Path Element vulnerability in Avira products
Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack.
local
low complexity
avira CWE-427
7.2
2009-08-13 CVE-2009-2761 Local Security vulnerability in Antivir Security Suite
Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.
local
low complexity
avira
7.2
2009-08-13 CVE-2008-6962 Improper Input Validation vulnerability in Avira products
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.
local
low complexity
avira CWE-20
7.2