CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4429 – Avira Security for Windows - Denial of Service
https://notcve.org/view.php?id=CVE-2022-4429
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4294 – Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4294
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3368 – Software Updater of Avira Security for Windows vulnerable to Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-3368
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. Una vulnerabilidad en la funcionalidad Software Updater de Avira Security for Windows permitía a un atacante con acceso de escritura al sistema de archivos escalar sus privilegios en determinados escenarios. El problema ha sido corregido con Avira Security versión 1.1.72.30556 • https://github.com/Wh04m1001/CVE-2022-3368 https://support.norton.com/sp/static/external/tools/security-advisories.html •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9320
https://notcve.org/view.php?id=CVE-2020-9320
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product ** EN DISPUTA ** Avira AV Engine versiones anteriores a 8.3.54.138, permite omitir la detección de virus por medio de un archivo ISO diseñado. Esto afecta a las versiones anteriores a 8.3.54.138 de Antivirus para Endpoint, Antivirus para Small Business, Exchange Security (Gateway), Internet Security Suite para Windows, Prime, Free Security Suite para Windows y Cross Platparam Anti-malware SDK. NOTA: El vendedor afirma que la vulnerabilidad no existe en el producto • http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html http://seclists.org/fulldisclosure/2020/Feb/31 https://blog.zoller.lu/p/from-low-hanging-fruit-department-avira.html https://www.zoller.lu/%5BTZO-01-2020%5D%20AVIRA%20Generic%20Bypass%20ISO.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7732
https://notcve.org/view.php?id=CVE-2015-7732
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. La aplicación Avira Mobile Security anterior a la versión 1.5.11 para iOS, envía información de inicio de sesión en texto claro. • https://www.info-sec.ca/advisories/Avira-Mobile-Security.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •