Every CVE whose affected-product data names Avast Antivirus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2025-13032 — CVSS 9.9 (critical): Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool…
CVE-2020-10867 — CVSS 9.8 (critical): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2017-8307 — CVSS 9.8 (critical): In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined…
CVE-2025-3500 — CVSS 9.0 (critical): Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects…
CVE-2021-45337 — CVSS 8.8 (high): Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges…
CVE-2021-45335 — CVSS 8.8 (high): Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of…
CVE-2021-45336 — CVSS 8.8 (high): Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated…
CVE-2021-45339 — CVSS 7.8 (high): Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted…
CVE-2021-45338 — CVSS 7.8 (high): Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling…
CVE-2019-17093 — CVSS 7.8 (high): An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to…
CVE-2020-10862 — CVSS 7.8 (high): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2017-8308 — CVSS 7.5 (high): In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the…
CVE-2020-10860 — CVSS 7.5 (high): An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library…
CVE-2020-10861 — CVSS 7.5 (high): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2020-10863 — CVSS 7.5 (high): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2020-10865 — CVSS 7.5 (high): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2020-10866 — CVSS 7.5 (high): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2020-10868 — CVSS 7.5 (high): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2022-4294 — CVSS 7.1 (high): Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue…
CVE-2024-5102 — CVSS 7.0 (high): A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete…
CVE-2023-1586 — CVSS 6.5 (medium): Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading…
CVE-2020-10864 — CVSS 6.5 (medium): An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe)…
CVE-2023-1585 — CVSS 6.5 (medium): Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process…
CVE-2019-18653 — CVSS 6.1 (medium): A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440…
CVE-2023-1587 — CVSS 5.8 (medium): Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast…
CVE-2020-15024 — CVSS 5.5 (medium): An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered…
CVE-2020-20118 — CVSS 5.5 (medium): Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request…
CVE-2024-9482 — CVSS 5.1 (medium): An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed…
CVE-2024-9483 — CVSS 5.1 (medium): A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS…
CVE-2024-9484 — CVSS 5.1 (medium): An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a…
CVE-2024-9481 — CVSS 5.1 (medium): An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed…
CVE-2019-11230 — CVSS 4.4 (medium): In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log…