threat
engine
.sh
Back
·
··:··
Home
/
Product
/
avast antivirus
Product
avast antivirus
64 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-3500
>= 25.1.981.6 and < 25.3
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue aff
9.0
CRITICAL
CVE-2025-13032
< 25.3
Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via p
9.9
CRITICAL
CVE-2024-7233
all versions
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers t
7.8
HIGH
CVE-2024-7232
all versions
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers t
7.8
HIGH
CVE-2024-7231
all versions
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escala
7.8
HIGH
CVE-2024-7230
all versions
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escala
7.8
HIGH
CVE-2024-7229
all versions
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escala
7.8
HIGH
CVE-2024-7228
all versions
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-
5.5
MEDIUM
CVE-2024-7227
all versions
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers t
7.8
HIGH
CVE-2024-9484
< 24092400
An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows
5.1
MEDIUM
CVE-2024-9483
< 24092400
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024
5.1
MEDIUM
CVE-2024-9482
< 24092400
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a m
5.1
MEDIUM
CVE-2024-9481
< 24092400
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a m
5.1
MEDIUM
CVE-2024-5102
< 24.2
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to dele
7.0
HIGH
CVE-2023-42125
all versions
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attac
7.8
HIGH
CVE-2023-42124
all versions
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows lo
7.8
HIGH
CVE-2023-5760
all versions
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-
8.2
HIGH
CVE-2020-20118
< 19.7
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted
5.5
MEDIUM
CVE-2023-1587
>= 22.5 and < 22.11
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed wi
5.8
MEDIUM
CVE-2023-1586
>= 22.5 and < 22.11
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process
6.5
MEDIUM
CVE-2023-1585
>= 22.5 and < 22.11
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine proc
6.5
MEDIUM
CVE-2022-4294
< 22.10
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of
7.1
HIGH
CVE-2022-4173
>= 20.5 and <= 22.9
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the f
7.3
HIGH
CVE-2022-28965
< 21.11.2500
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.250
6.5
MEDIUM
CVE-2022-28964
< 21.11.2500
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to caus
7.1
HIGH
CVE-2021-45339
< 20.4
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing"
7.8
HIGH
CVE-2021-45338
< 20.4
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by c
7.8
HIGH
CVE-2021-45337
< 20.8
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM pri
8.8
HIGH
CVE-2021-45336
< 20.4
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain
8.8
HIGH
CVE-2021-45335
< 20.4
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the o
8.8
HIGH
CVE-2021-27241
all versions
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8
6.1
MEDIUM
CVE-2020-15024
all versions
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An enter
5.5
MEDIUM
CVE-2020-13657
< 20.4
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handli
5.5
MEDIUM
CVE-2020-10868
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10867
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
9.8
CRITICAL
CVE-2020-10866
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10865
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10864
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
6.5
MEDIUM
CVE-2020-10863
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10862
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.8
HIGH
CVE-2020-10861
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10860
< 20.0
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Libr
7.5
HIGH
CVE-2019-18894
all versions
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus
7.8
HIGH
CVE-2019-18653
all versions
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.
6.1
MEDIUM
CVE-2019-17093
< 19.8
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an att
7.8
HIGH
CVE-2019-11230
< 19.4
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Up
4.4
MEDIUM
CVE-2018-12572
< 19.1.2360
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive
7.8
HIGH
CVE-2017-8308
<= 12.3.2279
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from th
7.5
HIGH
CVE-2017-8307
<= 12.3.2279
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch p
9.8
CRITICAL
CVE-2017-5567
<= 12.3
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and ea
6.7
MEDIUM
CVE-2016-4025
all versions
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoi
5.5
MEDIUM
CVE-2015-5662
<= 151017-1
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a cra
CVE-2010-0705
<= 5.0.396.0
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate i
CVE-2009-4049
all versions
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to
CVE-2009-3524
<= 4.8.1351
Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local
CVE-2009-3523
<= 4.8.1351
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
CVE-2009-3522
all versions
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions befor
CVE-2008-6846
all versions
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a den
CVE-2008-5523
all versions
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an H
CVE-2008-1625
all versions
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows lo
CVE-2007-6265
all versions
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown im
CVE-2007-2845
<= 4.6.394
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote atta
CVE-2007-1673
all versions
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (in
CVE-2007-1672
<= 4.7.980
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a dire
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin