Filtered by vendor Kaspersky
Total: 61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15689 | 1 Kaspersky | 4 Kaspersky Internet Security, Secure Connection, Security Cloud and 1 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass of some of the security products. | |||||
CVE-2019-15685 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
In Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable product security features such as private browsing and anti-banner. Bypass. | |||||
CVE-2019-8286 | 1 Kaspersky | 5 Anti-virus, Free Anti-virus, Internet Security and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose the unique Product ID by forcing a victim to visit a specially crafted webpage (for example, via clicking a phishing link). Vulnerability has CVSS v3.0 base score 2.6. | |||||
CVE-2019-8285 | 1 Kaspersky | 1 Antivirus Engine | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allows arbitrary code execution. | |||||
CVE-2018-6290 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. | |||||
CVE-2018-6289 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | |||||
CVE-2018-6291 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | |||||
CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Unauthorized code execution from a specific DLL, known as a DLL Hijacking attack, in Kaspersky Password Manager versions before 8.0.6.538. | |||||
CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | |||||
CVE-2017-12823 | 1 Kaspersky | 1 Embedded Systems Security | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Kernel pool memory corruption in one of the drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | |||||
CVE-2017-9812 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. | |||||
CVE-2017-12817 | 1 Kaspersky | 1 Internet Security | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||||
CVE-2017-9810 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | |||||
CVE-2017-9811 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. | |||||
CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
CVE-2017-9813 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | |||||
CVE-2016-4304 | 1 Kaspersky | 1 Internet Security | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | |||||
CVE-2016-4329 | 1 Kaspersky | 3 Anti-virus, Internet Security, Total Security | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. By sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass the KAV self-protection mechanism. | |||||
CVE-2016-4305 | 1 Kaspersky | 1 Internet Security | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | |||||
CVE-2016-4307 | 1 Kaspersky | 1 Internet Security | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability exists in the IOCTL handling functionality of the Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in the KL1 kernel driver, resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability. |