CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7236 – AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-7236
29 Jul 2024 — AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Installer. By creating a symbolic link, an attacker can abuse the update functionality to create a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1009 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7237 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7237
29 Jul 2024 — AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-1007 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1587
https://notcve.org/view.php?id=CVE-2023-1587
19 Apr 2023 — Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1586
https://notcve.org/view.php?id=CVE-2023-1586
19 Apr 2023 — Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1585
https://notcve.org/view.php?id=CVE-2023-1585
19 Apr 2023 — Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4294 – Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4294
10 Jan 2023 — Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-18893
https://notcve.org/view.php?id=CVE-2019-18893
13 Jan 2020 — XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways. Una vulnerabilidad de tipo XSS en el componente V... • https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18654
https://notcve.org/view.php?id=CVE-2019-18654
01 Nov 2019 — A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. Se presenta un problema de tipo Cross Site Scripting (XSS) en AVG AntiVirus (Internet Security Edition) versión 19.3.3084 build 19.3.4241.440, en la ventana emergente de notificación de red, permitiendo a un atacante ejecutar código JavaScript por medio de un nombre SSID. • http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-17093
https://notcve.org/view.php?id=CVE-2019-17093
23 Oct 2019 — An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. Se detectó un problema en Avast antivirus versiones anteriores a 19.8 y AVG antivirus versiones anteriores a 19.8. Una ... • https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus-DLL-Preloading-into-PPL-and-Potential-Abuses • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9977
https://notcve.org/view.php?id=CVE-2017-9977
12 Jul 2017 — AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. AVG AntiVirus para MacOS con motor de escaneo anterior a versión 4668, podría permitir a los atacantes remotos omitir la detección de malware al aprovechar la falta de escaneo dentro de archivos de imagen de disco (también conocido como DMG). • https://wwws.nightwatchcybersecurity.com/2017/07/06/avg-antivirus-for-macos-doesnt-scan-inside-disk-images-cve-2017-9977 •