3 results (0.003 seconds)

CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0

A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine. Se presenta una vulnerabilidad de denegación de servicio (bucle infinito) en Avira AntiVir Engine versiones anteriores a 8.2.12.58, por medio de una función no especificada en el PDF Scanner Engine. • http://www.securityfocus.com/bid/60552 http://www.securitytracker.com/id/1028666 https://exchange.xforce.ibmcloud.com/vulnerabilities/85099 https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html https://vuldb.com/?id.9151 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory. Vulnerabilidad de búsqueda de ruta no entrecomillada en Windows en el planificador (sched.exe) en Avira AntiVir, AntiVir Premium, Premium Security Suite y AntiVir Professional, podría permitir a usuarios locales elevar sus privilegios a través de un archivo antivir.exe malicioso en el directorio "C:\Program Files\avira\" ("C:\Archivos de Programa\avira\"). • http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html http://www.osvdb.org/55647 http://www.vupen.com/english/advisories/2008/3130 https://exchange.xforce.ibmcloud.com/vulnerabilities/46568 •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer. Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, y AntiVir Personal - FREE permite a los usuarios locales ejecutar arbitrariamente código a través de peticiones IOCTL manipuladas que sobreescriben un puntero al núcleo. • http://www.securityfocus.com/bid/32269 http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt http://www.vupen.com/english/advisories/2008/3130 https://exchange.xforce.ibmcloud.com/vulnerabilities/46567 • CWE-20: Improper Input Validation •