Kaspersky Lab

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, endpoint security, SIEM, XDR, and other cybersecurity products and services. The Kaspersky Global Research and Analysis Team (GReAT) has led the discovery of sophisticated espionage platforms operated by nations, such as Equation Group and the Stuxnet worm. Their research has uncovered large-scale and highly technical cyber espionage attempts.

Founded: 1997
Products: 39
CVEs: 114
Across products: 173
Status: Private

Recent CVEs

  • CVE-2017-9811 | Critical | Jul 17, 2017
    risk 0.68 | CVSS 9.8 | EPSS 0.10

    The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.

  • CVE-2018-6289 | Critical | Feb 6, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.07

    Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.

  • CVE-2017-12816 | Critical | Aug 25, 2017
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

  • CVE-2017-9810 | High | Jul 17, 2017
    risk 0.60 | CVSS 8.8 | EPSS 0.02

    There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an…

  • CVE-2018-6288 | High | Feb 6, 2018
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.

  • CVE-2017-9812 | High | Jul 17, 2017
    risk 0.53 | CVSS 7.5 | EPSS 0.11

    The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.

  • CVE-2018-6306 | High | Apr 19, 2018
    risk 0.51 | CVSS 7.8 | EPSS 0.03

    Unauthorized code execution from a specific DLL, known as a DLL hijacking attack, in Kaspersky Password Manager versions before 8.0.6.538.

  • CVE-2018-6290 | High | Feb 6, 2018
    risk 0.51 | CVSS 7.8 | EPSS 0.00

    Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.

  • CVE-2017-12823 | High | Dec 8, 2017
    risk 0.51 | CVSS 7.8 | EPSS 0.00

    Kernel pool memory corruption in one of the drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.

  • CVE-2017-12817 | High | Aug 25, 2017
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

  • CVE-2017-9813 | Medium | Jul 17, 2017
    risk 0.43 | CVSS 6.1 | EPSS 0.03

    In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).

  • CVE-2025-64984 | Medium | Nov 20, 2025
    risk 0.40 | CVSS 6.1 | EPSS 0.00

    Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint…

  • CVE-2018-6291 | Medium | Feb 6, 2018
    risk 0.40 | CVSS 6.1 | EPSS 0.01

    WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.

  • CVE-2016-6231 | Medium | Aug 25, 2016
    risk 0.38 | CVSS 5.9 | EPSS 0.01

    Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

  • CVE-2016-4329 | Medium | Jan 6, 2017
    risk 0.36 | CVSS 5.5 | EPSS 0.01

    A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. By sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass the KAV self-protection mechanism.

  • CVE-2016-4307 | Medium | Jan 6, 2017
    risk 0.36 | CVSS 5.5 | EPSS 0.01

    A denial of service vulnerability exists in the IOCTL handling functionality of the Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in the KL1 kernel driver resulting in local system denial of service. An attacker can run a program…

  • CVE-2016-4306 | Medium | Jan 6, 2017
    risk 0.36 | CVSS 5.5 | EPSS 0.01

    Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel…

  • CVE-2016-4305 | Medium | Jan 6, 2017
    risk 0.36 | CVSS 5.5 | EPSS 0.00

    A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver resulting in local denial of service. An attacker can run program…

  • CVE-2016-4304 | Medium | Jan 6, 2017
    risk 0.36 | CVSS 5.5 | EPSS 0.00

    A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver resulting in local denial of service. An…

  • CVE-2024-13614 | Medium | Feb 6, 2025
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky…