Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

avira_prime

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2023-51636
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.77%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 19:16
Updated-14 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avira Prime Link Following Local Privilege Escalation Vulnerability

Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21600.

Action-Not Available
Vendor-aviraAviraavira
Product-avira_primePrimeprime
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-9320
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 21:39
Updated-04 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product

Action-Not Available
Vendor-aviran/a
Product-avira_exchange_securityanti-malware_sdkantivirus_serveravira_primeavira_antivirus_for_endpointavira_antivirus_for_small_businessavira_free_security_suiteavira_internet_security_suiten/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type