This page aggregates publicly disclosed CVE and security risk information related to TotalAV, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | CVSS max | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-47787 | TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration. | [email protected] | 8.5 | 0.01% | 2026-01-16 | 2026-02-09 |
| CVE-2024-31771 | Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file | [email protected] | 7.8 | 2.96% | 2024-05-14 | 2026-01-21 |
| CVE-2019-18194 | TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | [email protected] | 7.8 | 0.38% | 2020-01-10 | 2024-11-21 |
| CVE-2018-7535 | An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | [email protected] | 7.8 | 0.03% | 2018-07-13 | 2024-11-21 |