Filtered by vendor Avira
Subscribe
Total
35 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2023-01-13 | N/A | 7.8 HIGH |
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2022-4429 | 1 Avira | 1 Avira Security | 2023-01-12 | N/A | 4.4 MEDIUM |
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | |||||
CVE-2022-3368 | 1 Avira | 1 Avira Security | 2022-10-19 | N/A | 8.8 HIGH |
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. | |||||
CVE-2022-28795 | 1 Avira | 1 Password Manager | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. | |||||
CVE-2020-12680 | 1 Avira | 1 Free Antivirus | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability." | |||||
CVE-2020-12463 | 1 Avira | 1 Software Updater | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files. | |||||
CVE-2020-8961 | 1 Avira | 1 Free Antivirus | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality. | |||||
CVE-2020-9320 | 1 Avira | 8 Anti-malware Sdk, Antivirus Server, Avira Antivirus For Endpoint and 5 more | 2021-03-04 | 4.3 MEDIUM | 5.5 MEDIUM |
** DISPUTED ** Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product. | |||||
CVE-2019-18568 | 2 Avira, Microsoft | 2 Free Antivirus, Windows | 2020-10-22 | 7.2 HIGH | 8.8 HIGH |
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. | |||||
CVE-2020-12254 | 1 Avira | 1 Antivirus | 2020-10-06 | 4.6 MEDIUM | 7.8 HIGH |
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | |||||
CVE-2019-11396 | 2 Avira, Microsoft | 3 Free Security Suite, Software Updater, Windows | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory. | |||||
CVE-2016-10402 | 1 Avira | 1 Antivirus | 2020-08-05 | 9.3 HIGH | 7.8 HIGH |
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. | |||||
CVE-2013-4602 | 1 Avira | 10 Antivir Mailgate, Antivir Mailgate Suite, Antivir Personal and 7 more | 2020-02-18 | 7.1 HIGH | 5.5 MEDIUM |
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine. | |||||
CVE-2019-17449 | 1 Avira | 1 Software Updater | 2019-10-24 | 4.6 MEDIUM | 6.7 MEDIUM |
** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges. | |||||
CVE-2017-6417 | 1 Avira | 4 Free Security Suite, Internet Security Suite, Optimization Suite and 1 more | 2019-10-02 | 7.2 HIGH | 6.7 MEDIUM |
Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | |||||
CVE-2006-1274 | 1 Avira | 1 Antivir Personal | 2018-10-18 | 7.2 HIGH | N/A |
Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports. | |||||
CVE-2006-4619 | 1 Avira | 1 Antivir Personal | 2018-10-17 | 4.6 MEDIUM | N/A |
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. NOTE: some details are obtained from third party information. | |||||
CVE-2007-2973 | 1 Avira | 2 Antivir, Av Pack | 2018-10-16 | 7.8 HIGH | N/A |
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. | |||||
CVE-2007-2972 | 1 Avira | 2 Antivir, Av Pack | 2018-10-16 | 7.8 HIGH | N/A |
The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | |||||
CVE-2007-2974 | 1 Avira | 2 Antivir, Av Pack | 2018-10-16 | 10.0 HIGH | N/A |
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." |