CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27241 – Avast Premium Security AvastSvc Directory Junction Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-27241
24 Feb 2021 — This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-servi... • https://www.zerodayinitiative.com/advisories/ZDI-21-208 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25289
https://notcve.org/view.php?id=CVE-2020-25289
13 Sep 2020 — The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). El servicio VPN en AVAST SecureLine versiones anteriores a 5.6.4982.470, permite a usuarios locales escribir en archivos arbitrarios por medio de un enlace simbólico de Object Manager del directorio de registro (que presenta permisos débiles) • http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15024
https://notcve.org/view.php?id=CVE-2020-15024
10 Sep 2020 — An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. Se detectó un problema en la funcionalidad Login Password del componente Password Manager en Avast Antivirus versión 20.1.5069.562. La contraseña ingresada sigue siendo almacenada en la memoria principal de Windows después de cerrar la sesión y después de una operación... • http://nestedif.com/avast-antivirus-password-manager-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13657
https://notcve.org/view.php?id=CVE-2020-13657
29 Jun 2020 — An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. Se presenta una vulnerabilidad de elevación de privilegios en Avast Free Antivirus y AVG AntiVirus Free versiones anteriores a 20.4, debido a un manejo inapropiado de los enlaces físicos. La vulnerabilidad permite a usuarios locales tomar el control de archivos arbitrarios • https://forum.avast.com/index.php?topic=232423.0 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10868
https://notcve.org/view.php?id=CVE-2020-10868
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes iniciar la llamada Repair App RPC desde un proceso Low Integrity. • https://forum.avast.com/index.php?topic=232420.0 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10867
https://notcve.org/view.php?id=CVE-2020-10867
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes omitir las restricciones de acceso previstas en tareas a partir de un proce... • https://forum.avast.com/index.php?topic=232420.0 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10866
https://notcve.org/view.php?id=CVE-2020-10866
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes enumerar las interfaces de red y los puntos de acceso a partir de un proceso Low Integri... • https://forum.avast.com/index.php?topic=232420.0 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10865
https://notcve.org/view.php?id=CVE-2020-10865
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes realizar cambios arbitrarios en la sección Components del archivo St... • https://forum.avast.com/index.php?topic=232420.0 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10864
https://notcve.org/view.php?id=CVE-2020-10864
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes activar un reinicio por medio de una RPC a partir de un proceso Low Integrity. • https://forum.avast.com/index.php?topic=232420.0 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10863
https://notcve.org/view.php?id=CVE-2020-10863
01 Apr 2020 — An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. Se detectó un problema en Avast Antivirus versiones anteriores a 20. El endpoint de aswTask RPC para la biblioteca TaskEx en el Avast Service (AvastSvc.exe) permite a atacantes desencadenar un apagado por medio de una RPC a partir de un proceso Low Integrity por medio de T... • https://forum.avast.com/index.php?topic=232420.0 •