CVE-2024-7228

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806.

Related Vulnerabilities

CVE-2013-1866

MEDIUM
CVSS:6.1(Medium)

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2013-1867

MEDIUM
CVSS:6.1(Medium)

Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2015-5700

MEDIUM
CVSS:6.1(Medium)

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

CWE-592015

CVE-2015-5701

MEDIUM
CVSS:6.1(Medium)

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a...

CWE-592015

CVE-2017-12258

MEDIUM
CVSS:6.1(Medium)

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists be...

CWE-592017

CVE-2020-26277

MEDIUM
CVSS:6.1(Medium)

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files e...

CWE-592020