CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8961
https://notcve.org/view.php?id=CVE-2020-8961
09 Apr 2020 — An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality. Se detectó un problema en Avira Free-Antivirus versiones anteriores a 15.0.2004.1825. • https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9320 – AVIRA Generic Malformed Container Bypass
https://notcve.org/view.php?id=CVE-2020-9320
20 Feb 2020 — Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product ** EN DISPUTA ** Avira AV Engine versiones anteriores a 8.3.54.138, permite omitir la detección de virus por medio ... • http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18568 – Avira Free Antivirus is proned to a local privilege escalation through the execution of kernel code from a restricted user.
https://notcve.org/view.php?id=CVE-2019-18568
31 Dec 2019 — Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. Avira Free Antivirus versión 15.0.1907.1514, es propenso a una escalada de privilegios locales por medio de una ejecución de código del kernel desde un usuario restringido. • https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows • CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17449
https://notcve.org/view.php?id=CVE-2019-17449
10 Oct 2019 — Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges ** EN DISPUTA ** Avira Software Updater versiones anteriores a 2.0.6.21094, permite un ataque de carga lateral de DLL. NOTA: El proveedor piensa que esta vulnerabilidad no es válida porque explotarla requeriría al menos privilegios de administrador y solo obtendría pri... • https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11396 – Avira Free Security Suite 2019 Software Updater 2.0.6.13175 Improper Access Control
https://notcve.org/view.php?id=CVE-2019-11396
04 Aug 2019 — An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an updat... • http://packetstormsecurity.com/files/153868/Avira-Free-Security-Suite-2019-Software-Updater-2.0.6.13175-Improper-Access-Control.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10402
https://notcve.org/view.php?id=CVE-2016-10402
27 Jul 2017 — Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. Las versiones del motor de Avira Antivirus anteriores a la versión 8.3.36.60 permiten la ejecución de código remota como NT AUTHORITY\SYSTEM por medio del encabezado Section con una dirección virtual relativa muy grande en un archivo PE, causando un desbordamiento de enter... • http://www.securityfocus.com/bid/84841 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7732
https://notcve.org/view.php?id=CVE-2015-7732
15 Jun 2017 — The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. La aplicación Avira Mobile Security anterior a la versión 1.5.11 para iOS, envía información de inicio de sesión en texto claro. • https://www.info-sec.ca/advisories/Avira-Mobile-Security.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6417
https://notcve.org/view.php?id=CVE-2017-6417
21 Mar 2017 — Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary ... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 0CVE-2015-7303 – Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7303
16 Sep 2015 — Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. Vulnerabilidad de uso después de liberación de memoria en el servicio Update Manager en Avira Management Console, permite a atacantes remotos ejecutar código arbitrario a través de una cabecera grande. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not requi... • http://www.zerodayinitiative.com/advisories/ZDI-15-445 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5576
https://notcve.org/view.php?id=CVE-2014-5576
09 Sep 2014 — The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación Avira Secure Backup (también conocido como com.avira.avirabackup) 1.2.3 para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a tr... • http://www.kb.cert.org/vuls/id/179457 • CWE-310: Cryptographic Issues •