Filtered by vendor Kaspersky
Subscribe
Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35053 | 2 Kaspersky, Microsoft | 2 Endpoint Security, Windows | 2022-04-29 | 7.8 HIGH | 7.5 HIGH |
| Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | |||||
| CVE-2021-35052 | 1 Kaspersky | 1 Password Manager | 2021-11-29 | 4.6 MEDIUM | 7.8 HIGH |
| A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | |||||
| CVE-2017-12817 | 1 Kaspersky | 1 Internet Security | 2021-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||||
| CVE-2020-27020 | 1 Kaspersky | 1 Password Manager | 2021-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). | |||||
| CVE-2020-28950 | 1 Kaspersky | 1 Anti-ransomware Tool | 2020-12-08 | 6.9 MEDIUM | 7.8 HIGH |
| The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process. | |||||
| CVE-2020-25045 | 1 Kaspersky | 2 Security Center, Security Center Web Console | 2020-09-11 | 4.4 MEDIUM | 7.8 HIGH |
| Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system. | |||||
| CVE-2020-25044 | 1 Kaspersky | 1 Virus Removal Tool | 2020-09-10 | 3.6 LOW | 7.1 HIGH |
| Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. | |||||
| CVE-2020-25043 | 1 Kaspersky | 1 Vpn Secure Connection | 2020-09-10 | 3.6 LOW | 7.1 HIGH |
| The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. | |||||
| CVE-2019-8285 | 1 Kaspersky | 1 Antivirus Engine | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution | |||||
| CVE-2017-9810 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | |||||
| CVE-2018-6290 | 1 Kaspersky | 1 Secure Mail Gateway | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2018-05-22 | 6.8 MEDIUM | 7.8 HIGH |
| Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | |||||
| CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2018-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2017-12823 | 1 Kaspersky | 1 Embedded Systems Security | 2017-12-20 | 4.6 MEDIUM | 7.8 HIGH |
| Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | |||||
| CVE-2017-9812 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2017-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. | |||||