Kaspersky

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-15685 1Kaspersky 5Anti Virus Internet SecuritySecurity Cloud+2 more Nov 21, 2024 Nov 26, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attack...Show more Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.Show less
CVE-2019-15684 2Google Kaspersky 2Chrome Protection Nov 21, 2024 Nov 25, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
CVE-2019-8286 1Kaspersky 5Anti Virus Free Anti VirusInternet Security+2 more Nov 21, 2024 Jul 18, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpag...Show more Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6Show less
CVE-2019-8285 1Kaspersky 1Antivirus Engine Nov 21, 2024 May 8, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution
CVE-2018-6306 1Kaspersky 1Password Manager Nov 21, 2024 Apr 19, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
CVE-2018-6291 1Kaspersky 1Secure Mail Gateway Nov 21, 2024 Feb 6, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6290 1Kaspersky 1Secure Mail Gateway Nov 21, 2024 Feb 6, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6289 1Kaspersky 1Secure Mail Gateway Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6288 1Kaspersky 1Secure Mail Gateway Nov 21, 2024 Feb 6, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
CVE-2017-12823 1Kaspersky 1Embedded Systems Security May 13, 2026 Dec 8, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.
CVE-2017-12817 1Kaspersky 1Internet Security May 13, 2026 Aug 25, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
CVE-2017-12816 1Kaspersky 1Internet Security May 13, 2026 Aug 25, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality...Show more In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.Show less
CVE-2017-9813 1Kaspersky 1Anti Virus For Linux Server May 13, 2026 Jul 17, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
CVE-2017-9812 1Kaspersky 1Anti Virus For Linux Server May 13, 2026 Jul 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary...Show more The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.Show less
CVE-2017-9811 1Kaspersky 1Anti Virus For Linux Server May 13, 2026 Jul 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operation...Show more The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.Show less
CVE-2017-9810 1Kaspersky 1Anti Virus For Linux Server May 13, 2026 Jul 17, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authentic...Show more There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.Show less
CVE-2016-4329 1Kaspersky 3Anti Virus Internet SecurityTotal Security May 6, 2026 Jan 6, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination...Show more A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.Show less
CVE-2016-4307 1Kaspersky 1Internet Security May 6, 2026 Jan 6, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in loc...Show more A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability.Show less
CVE-2016-4306 1Kaspersky 1Total Security May 6, 2026 Jan 6, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leakin...Show more Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.Show less
CVE-2016-4305 1Kaspersky 1Internet Security May 6, 2026 Jan 6, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting...Show more A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.Show less

Previous 123 4 Next