VYPR
Vendor

K7 Computing

Products
9
CVEs
14
Across products
17
Status
Private

Products

9

Recent CVEs

14
  • CVE-2019-16896HigDec 27, 2019
    risk 0.51cvss 7.8epss 0.00

    In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.

  • CVE-2018-5217HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

  • CVE-2018-5087HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.

  • CVE-2018-5084HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

  • CVE-2018-5083HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

  • CVE-2018-5079HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

  • CVE-2025-52915HigSep 9, 2025
    risk 0.47cvss 7.2epss 0.01

    K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's…

  • CVE-2024-36424MedAug 6, 2024
    risk 0.39cvss 5.5epss 0.01

    K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.

  • CVE-2017-17429MedJan 16, 2018
    risk 0.36cvss 5.5epss 0.00

    In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

  • CVE-2014-9643Feb 6, 2015
    risk 0.03cvss epss 0.01

    K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or…

  • CVE-2025-67826Dec 22, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows…

  • CVE-2014-8956Dec 12, 2014
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.

  • CVE-2014-8608Dec 12, 2014
    risk 0.00cvss epss 0.00

    The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$".

  • CVE-2014-7136Dec 12, 2014
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.