CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-20118
https://notcve.org/view.php?id=CVE-2020-20118
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. • http://avast.com https://gitlab.com/yongchuank/avast-aswsnx-ioctl-82ac0060-oob-write • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1587
https://notcve.org/view.php?id=CVE-2023-1587
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11 • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1586
https://notcve.org/view.php?id=CVE-2023-1586
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11 • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1585
https://notcve.org/view.php?id=CVE-2023-1585
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4294 – Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4294
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •