Vulnerabilities > Quickheal

DATE CVE VULNERABILITY TITLE RISK
2022-05-23 CVE-2022-31466 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files.
local
high complexity
quickheal CWE-367
7.0
2022-05-23 CVE-2022-31467 Uncontrolled Search Path Element vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00
A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.
local
low complexity
quickheal CWE-427
7.3
2020-11-30 CVE-2020-27587 Weak Password Requirements vulnerability in Quickheal Total Security
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
local
low complexity
quickheal CWE-521
6.7
2020-11-30 CVE-2020-27586 Cleartext Transmission of Sensitive Information vulnerability in Quickheal Total Security
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.
network
high complexity
quickheal CWE-319
5.9
2020-11-30 CVE-2020-27585 Weak Password Requirements vulnerability in Quickheal Total Security
Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.
local
low complexity
quickheal CWE-521
4.4
2020-02-24 CVE-2020-9362 Interpretation Conflict vulnerability in Quickheal products
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive.
local
low complexity
quickheal CWE-436
7.8
2018-07-25 CVE-2018-8090 Uncontrolled Search Path Element vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.
local
low complexity
quickheal CWE-427
7.8
2017-05-04 CVE-2017-8776 Unspecified vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product.
network
low complexity
quickheal
7.5
2017-05-04 CVE-2017-8775 Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
network
low complexity
quickheal CWE-787
critical
9.8
2017-05-04 CVE-2017-8774 Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
network
low complexity
quickheal CWE-787
critical
9.8