Vulnerabilities (CVE)

Filtered by vendor Avira
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36673 1 Avira 1 Phantom Vpn 2023-08-17 N/A 7.3 HIGH
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.
CVE-2022-3368 1 Avira 1 Avira Security 2023-08-08 N/A 8.8 HIGH
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate their privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
CVE-2020-12463 1 Avira 1 Software Updater 2021-07-21 4.6 MEDIUM 7.8 HIGH
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improper handling of file hard links. This allows local users to take control of arbitrary files.
CVE-2019-18568 2 Avira, Microsoft 2 Free Antivirus, Windows 2020-10-22 7.2 HIGH 8.8 HIGH
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
CVE-2020-12254 1 Avira 1 Antivirus 2020-10-06 4.6 MEDIUM 7.8 HIGH
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.
CVE-2019-11396 2 Avira, Microsoft 3 Free Security Suite, Software Updater, Windows 2020-08-24 7.2 HIGH 7.8 HIGH
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files with pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory.
CVE-2016-10402 1 Avira 1 Antivirus 2020-08-05 9.3 HIGH 7.8 HIGH
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
CVE-2015-7732 1 Avira 1 Avira Mobile Security 2017-06-28 5.0 MEDIUM 7.5 HIGH
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.