📦

antivirus

Vendor: avast

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 1 Code Available
Total RCEs 3 Remote Access
Total CVEs 66 Total Indexed
Avg. EPSS 0.23% Exploit Prob.
Latest CVE CVE-2025-3500 Dec 01

Security Vulnerability Index

Page 1 / 7
9.0 CVSS
CVE-2025-3500
Exploit Found

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.

EPSS: 0.23%
9.9 CVSS
CVE-2025-13032

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.

EPSS: 0.03%
5.1 CVSS
CVE-2024-9484

An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.

EPSS: 0.08%
5.1 CVSS
CVE-2024-9483

A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.

EPSS: 0.06%
5.1 CVSS
CVE-2024-9482
RCE

An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.

EPSS: 0.04%
5.1 CVSS
CVE-2024-9481
RCE

An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.

EPSS: 0.06%
7.3 CVSS
CVE-2024-5102

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.

EPSS: 0.11%
5.5 CVSS
CVE-2020-20118

Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.

EPSS: 0.04%
5.8 CVSS
CVE-2023-1587

Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11

EPSS: 0.06%
6.5 CVSS
CVE-2023-1586

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11

EPSS: 0.10%