Filtered by vendor Kaspersky
Subscribe
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15687 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. | |||||
| CVE-2019-15689 | 1 Kaspersky | 4 Kaspersky Internet Security, Secure Connection, Security Cloud and 1 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products | |||||
| CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 | |||||
| CVE-2019-8285 | 1 Kaspersky | 1 Antivirus Engine | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution | |||||
| CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | |||||
| CVE-2018-6291 | 1 Kaspersky | 1 Secure Mail Gateway | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2018-6290 | 1 Kaspersky | 1 Secure Mail Gateway | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2018-6289 | 1 Kaspersky | 1 Secure Mail Gateway | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2017-12823 | 1 Kaspersky | 1 Embedded Systems Security | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | |||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
| CVE-2017-9813 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | |||||
| CVE-2017-12817 | 1 Kaspersky | 1 Internet Security | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||||
| CVE-2017-9811 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. | |||||
| CVE-2017-9810 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | |||||
| CVE-2017-9812 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. | |||||
| CVE-2016-4307 | 1 Kaspersky | 1 Internet Security | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | |||||
| CVE-2016-4306 | 1 Kaspersky | 1 Total Security | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability. | |||||
| CVE-2016-4304 | 1 Kaspersky | 1 Internet Security | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability. | |||||
| CVE-2016-4329 | 1 Kaspersky | 3 Anti-virus, Internet Security, Total Security | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism. | |||||