
CVE-2023-51636 – Avira Prime Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51636
17 May 2024 — Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-469 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2023-36673
https://notcve.org/view.php?id=CVE-2023-36673
09 Aug 2023 — An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunne... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2023-1900 – Avira Free Antivirus Integer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1900
19 Apr 2023 — A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. Issue was fixed with Endpointprotection.exe version 1.0.2303.633. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this... • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-190: Integer Overflow or Wraparound •

CVE-2022-4429 – Avira Security for Windows - Denial of Service
https://notcve.org/view.php?id=CVE-2022-4429
10 Jan 2023 — Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-428: Unquoted Search Path or Element •

CVE-2022-4294 – Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4294
10 Jan 2023 — Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •

CVE-2022-3368 – Software Updater of Avira Security for Windows vulnerable to Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-3368
17 Oct 2022 — A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. • https://github.com/Wh04m1001/CVE-2022-3368 •

CVE-2022-28795
https://notcve.org/view.php?id=CVE-2022-28795
12 Apr 2022 — A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. • https://support.norton.com/sp/static/external/tools/security-advisories.html •

CVE-2020-12680
https://notcve.org/view.php?id=CVE-2020-12680
08 May 2020 — Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability." • https://medium.com/%40knikolenko/avira-free-antivirus-password-collector-83452fa7f943 •

CVE-2020-12463
https://notcve.org/view.php?id=CVE-2020-12463
05 May 2020 — An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to take control of arbitrary files. • https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater •

CVE-2020-12254
https://notcve.org/view.php?id=CVE-2020-12254
26 Apr 2020 — Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. • http://web.archive.org/web/20200429193852/https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows • CWE-59: Improper Link Resolution Before File Access ('Link Following') •