Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10861 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-02-04 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. | |||||
CVE-2020-10868 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. | |||||
CVE-2020-10863 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. | |||||
CVE-2020-10862 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. | |||||
CVE-2019-18653 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
CVE-2019-17093 | 2 Avast, Avg | 2 Antivirus, Anti-virus | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. | |||||
CVE-2019-11230 | 1 Avast | 1 Antivirus | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart. | |||||
CVE-2017-8308 | 1 Avast | 1 Antivirus | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components. | |||||
CVE-2017-8307 | 1 Avast | 1 Antivirus | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack. |