Vulnerabilities > Avira > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-19 CVE-2023-1900 Integer Overflow or Wraparound vulnerability in Avira Antivirus
A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow.
local
low complexity
avira CWE-190
5.5
2023-01-10 CVE-2022-4429 Unquoted Search Path or Element vulnerability in Avira Security 1.1.71.30554
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78
local
low complexity
avira CWE-428
4.4
2022-04-12 CVE-2022-28795 Unspecified vulnerability in Avira Password Manager
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically.
network
low complexity
avira
6.5
2020-05-08 CVE-2020-12680 Unspecified vulnerability in Avira Free Antivirus
Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials.
local
low complexity
avira
5.5
2020-02-20 CVE-2020-9320 Unrestricted Upload of File with Dangerous Type vulnerability in Avira products
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive.
local
low complexity
avira CWE-434
5.5
2020-02-12 CVE-2013-4602 Resource Exhaustion vulnerability in Avira products
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
local
low complexity
avira CWE-400
5.5
2019-10-10 CVE-2019-17449 Untrusted Search Path vulnerability in Avira Software Updater 2.0.6.13175/2.0.6.17105/2.0.6.20377
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack.
local
low complexity
avira CWE-426
6.7
2017-03-21 CVE-2017-6417 Uncontrolled Search Path Element vulnerability in Avira products
Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack.
local
low complexity
avira CWE-427
6.7