
CVE-2024-9484
https://notcve.org/view.php?id=CVE-2024-9484
04 Oct 2024 — A null-pointer dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-476: NULL Pointer Dereference •

CVE-2024-9483 – Uninitialized variable in digital signature verification may crash the application
https://notcve.org/view.php?id=CVE-2024-9483
04 Oct 2024 — A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-476: NULL Pointer Dereference •

CVE-2024-9482 – Out of Bounds write on scan of malformed Mach-O file may crash the application
https://notcve.org/view.php?id=CVE-2024-9482
04 Oct 2024 — An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-787: Out-of-bounds Write •

CVE-2024-9481 – Out of Bounds write on scan of malformed eml file may crash the application
https://notcve.org/view.php?id=CVE-2024-9481
04 Oct 2024 — An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-787: Out-of-bounds Write •

CVE-2024-5803 – Local privilege escalation via COM hijacking
https://notcve.org/view.php?id=CVE-2024-5803
03 Oct 2024 — AVGUI.exe in AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) race condition when self-protection is disabled. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-6510 – Local privilege escalation vulnerability in AVG Internet Security
https://notcve.org/view.php?id=CVE-2024-6510
12 Sep 2024 — Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. • https://www.cirosec.de/sa/sa-2023-008 • CWE-427: Uncontrolled Search Path Element • CWE-732: Incorrect Permission Assignment for Critical Resource • CWE-749: Exposed Dangerous Method or Function •

CVE-2024-7237 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7237
29 Jul 2024 — AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-1007 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-7234 – AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7234
29 Jul 2024 — AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1008 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-7235 – AVG AntiVirus Free Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-7235
29 Jul 2024 — AVG AntiVirus Free Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to create a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-1006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-7236 – AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-7236
29 Jul 2024 — AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Installer. By creating a symbolic link, an attacker can abuse the update functionality to create a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1009 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •