CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13962 – Link Following Local Privilege Escalation Vulnerability in Avast Cleanup Premium Version 24.2.16593.17810
https://notcve.org/view.php?id=CVE-2024-13962
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13961 – Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-13961
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-13944 – Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate (Also affects Avast CleanUp and AVG TuneUp)
https://notcve.org/view.php?id=CVE-2024-13944
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9484
https://notcve.org/view.php?id=CVE-2024-9484
04 Oct 2024 — An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9483 – Uninitialized variable in digital signiture verification may crash the application
https://notcve.org/view.php?id=CVE-2024-9483
04 Oct 2024 — A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9482 – Out of Bounds write on scan of malformed Mach-O file may crash the application
https://notcve.org/view.php?id=CVE-2024-9482
04 Oct 2024 — An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9481 – Out of Bounds write on scan of malformed eml file may crash the application
https://notcve.org/view.php?id=CVE-2024-9481
04 Oct 2024 — An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7227 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7227
29 Jul 2024 — Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1003 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7228 – Avast Free Antivirus Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-7228
29 Jul 2024 — Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-999 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7229 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7229
29 Jul 2024 — Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1002 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •