Vulnerabilities (CVE)

Filtered by vendor Avast Subscribe
Filtered by product Antivirus
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10861 2 Avast, Microsoft 2 Antivirus, Windows 2024-02-04 6.4 MEDIUM 7.5 HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.
CVE-2020-10868 2 Avast, Microsoft 2 Antivirus, Windows 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.
CVE-2020-10863 2 Avast, Microsoft 2 Antivirus, Windows 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.
CVE-2020-10862 2 Avast, Microsoft 2 Antivirus, Windows 2024-02-04 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.
CVE-2019-18653 2 Avast, Microsoft 2 Antivirus, Windows 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
CVE-2019-17093 2 Avast, Avg 2 Antivirus, Anti-virus 2024-02-04 4.4 MEDIUM 7.8 HIGH
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.
CVE-2019-11230 1 Avast 1 Antivirus 2024-02-04 3.6 LOW 4.4 MEDIUM
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.
CVE-2017-8308 1 Avast 1 Antivirus 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.
CVE-2017-8307 1 Avast 1 Antivirus 2024-02-04 7.5 HIGH 9.8 CRITICAL
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack.