CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9320 – AVIRA Generic Malformed Container Bypass
https://notcve.org/view.php?id=CVE-2020-9320
20 Feb 2020 — Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product ** EN DISPUTA ** Avira AV Engine versiones anteriores a 8.3.54.138, permite omitir la detección de virus por medio ... • http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6417
https://notcve.org/view.php?id=CVE-2017-6417
21 Mar 2017 — Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary ... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •