Avira : Security Vulnerabilities, CVEs, CVSS score >= 9
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.
Max CVSS
9.8
EPSS Score
0.23%
Published
2020-04-09
Updated
2021-07-21
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
Max CVSS
9.3
EPSS Score
0.45%
Published
2017-07-27
Updated
2020-08-05
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
Max CVSS
10.0
EPSS Score
0.46%
Published
2015-09-21
Updated
2015-09-23
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
Max CVSS
10.0
EPSS Score
17.72%
Published
2007-06-01
Updated
2018-10-16
4 vulnerabilities found