📦

avg_antivirus

Vendor: grisoft

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 13 Total Indexed

Avg. EPSS 0.75% Exploit Prob.

Latest CVE CVE-2023-5760 Nov 08

Security Vulnerability Index

Page 1 / 2

8.2 CVSS

CVE-2023-5760

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.

EPSS: 0.08%

Severity: HIGH

Nov 08, 2023

7.3 CVSS

CVE-2022-4173

A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.

EPSS: 0.21%

Severity: HIGH

Dec 06, 2022

5.5 CVSS

CVE-2020-13657

An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.

EPSS: 0.03%

Severity: MEDIUM

Jun 29, 2020

3.3 CVSS

CVE-2012-6335

The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."

EPSS: 0.07%

Severity: LOW

Dec 31, 2012

5.0 CVSS

CVE-2008-3373

The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

EPSS: 2.17%

Severity: MEDIUM

Jul 30, 2008

7.2 CVSS

CVE-2007-3777

avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.

EPSS: 0.06%

Severity: HIGH

Jul 15, 2007

10.0 CVSS

CVE-2006-5940

Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files.

EPSS: 0.50%

Severity: HIGH

Nov 16, 2006

7.5 CVSS

CVE-2006-5937

Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

EPSS: 4.26%

Severity: HIGH

Nov 16, 2006

10.0 CVSS

CVE-2006-5938

Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.

EPSS: 0.52%

Severity: HIGH

Nov 16, 2006

7.8 CVSS

CVE-2006-5939

Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information.

EPSS: 1.03%

Severity: HIGH

Nov 16, 2006

Displaying 10 of 13 Total Entries

1 2

Total 2 Sections