Product
avast antivirus
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-3500
>= 25.1.981.6 and < 25.3
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation. This issue aff
9.0
CRITICAL
CVE-2025-13032
< 25.3
Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local attacker to escalate privileges via p
9.9
CRITICAL
CVE-2024-9484
< 24092400
A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows
5.1
MEDIUM
CVE-2024-9483
< 24092400
A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024
5.1
MEDIUM
CVE-2024-9482
< 24092400
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a m
5.1
MEDIUM
CVE-2024-9481
< 24092400
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a m
5.1
MEDIUM
CVE-2024-5102
< 24.2
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to dele
7.0
HIGH
CVE-2020-20118
< 19.7
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted
5.5
MEDIUM
CVE-2023-1587
>= 22.5 and < 22.11
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed wi
5.8
MEDIUM
CVE-2023-1586
>= 22.5 and < 22.11
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process
6.5
MEDIUM
CVE-2023-1585
>= 22.5 and < 22.11
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine proc
6.5
MEDIUM
CVE-2022-4294
< 22.10
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of
7.1
HIGH
CVE-2021-45339
< 20.4
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing"
7.8
HIGH
CVE-2021-45338
< 20.4
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by c
7.8
HIGH
CVE-2021-45337
< 20.8
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM pri
8.8
HIGH
CVE-2021-45336
< 20.4
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain
8.8
HIGH
CVE-2021-45335
< 20.4
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the o
8.8
HIGH
CVE-2020-15024
all versions
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An enter
5.5
MEDIUM
CVE-2020-10868
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10867
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
9.8
CRITICAL
CVE-2020-10866
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10865
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10864
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
6.5
MEDIUM
CVE-2020-10863
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10862
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.8
HIGH
CVE-2020-10861
< 20.0
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS
7.5
HIGH
CVE-2020-10860
< 20.0
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Libr
7.5
HIGH
CVE-2019-18653
all versions
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.
6.1
MEDIUM
CVE-2019-17093
< 19.8
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an att
7.8
HIGH
CVE-2019-11230
< 19.4
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Up
4.4
MEDIUM
CVE-2017-8308
<= 12.3.2279
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from th
7.5
HIGH
CVE-2017-8307
<= 12.3.2279
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch p
9.8
CRITICAL
CVE-2015-5662
<= 151017-1
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a cra
CVE-2012-1459
all versions
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Ant
CVE-2012-1457
all versions
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-V
CVE-2012-1443
all versions
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVE
CVE-2008-6846
all versions
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a den
CVE-2008-5523
all versions
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an H
CVE-2007-2846
all versions
Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote atta
CVE-2007-2845
<= 4.6.394
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote atta
CVE-2007-1673
<= 4.7.980
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (in
CVE-2007-1672
<= 4.7.980
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a dire
CVE-2007-0829
all versions
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set,
CVE-2006-4626
<= 4.6.763
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via
CVE-2006-2869
all versions
Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors.
CVE-2006-1892
all versions
avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_av
CVE-2006-1355
<= 4.6.763
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, whic
CVE-2005-3214
all versions
Multiple interpretation error in unspecified versions of Avast Antivirus allows remote attackers to bypass virus detection via a m
CVE-2005-2385
all versions
Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665
CVE-2005-2384
all versions
Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professiona
CVE-2005-1770
all versions
Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions allows local users to cause a de
CVE-2005-1719
all versions
Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin