Kaspersky Lab
Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, endpoint security, SIEM, XDR, and other cybersecurity products and services. The Kaspersky Global Research and Analysis Team (GReAT) has led the discovery of sophisticated nation-state espionage platforms, such as Equation Group and the Stuxnet worm. Its research has uncovered large-scale and highly technical cyber espionage campaigns.
Products
- 48 CVEs
- 24 CVEs
- 14 CVEs
- 10 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
| CVE | Severity | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2017-9811 | Critical | 0.68 | 9.8 | 0.10 | Jul 17, 2017 | The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate privileges to root. |
| CVE-2018-6289 | Critical | 0.64 | 9.8 | 0.07 | Feb 6, 2018 | Configuration file injection leading to code execution as root in Kaspersky Secure Mail Gateway version 1.1. |
| CVE-2017-12816 | Critical | 0.64 | 9.8 | 0.02 | Aug 25, 2017 | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malicious application to gain unauthorized access to the product functionality via Android IPC. |
| CVE-2017-9810 | High | 0.60 | 8.8 | 0.02 | Jul 17, 2017 | There are no anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an… |
| CVE-2018-6288 | High | 0.57 | 8.8 | 0.01 | Feb 6, 2018 | Cross-site request forgery leading to administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. |
| CVE-2017-9812 | High | 0.53 | 7.5 | 0.11 | Jul 17, 2017 | The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. |
| CVE-2018-6306 | High | 0.51 | 7.8 | 0.03 | Apr 19, 2018 | Unauthorized code execution from a specific DLL (a DLL hijacking attack) in Kaspersky Password Manager versions before 8.0.6.538. |
| CVE-2018-6290 | High | 0.51 | 7.8 | 0.00 | Feb 6, 2018 | Local privilege escalation in Kaspersky Secure Mail Gateway version 1.1. |
| CVE-2017-12823 | High | 0.51 | 7.8 | 0.00 | Dec 8, 2017 | Kernel pool memory corruption in one of the drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. |
| CVE-2017-12817 | High | 0.49 | 7.5 | 0.01 | Aug 25, 2017 | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. |
| CVE-2017-9813 | Medium | 0.43 | 6.1 | 0.03 | Jul 17, 2017 | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). |
| CVE-2025-64984 | Medium | 0.40 | 6.1 | 0.00 | Nov 20, 2025 | Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint… |
| CVE-2018-6291 | Medium | 0.40 | 6.1 | 0.01 | Feb 6, 2018 | WebConsole cross-site scripting in Kaspersky Secure Mail Gateway version 1.1. |
| CVE-2016-6231 | Medium | 0.38 | 5.9 | 0.01 | Aug 25, 2016 | Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. |
| CVE-2016-4329 | Medium | 0.36 | 5.5 | 0.01 | Jan 6, 2017 | A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. By sending certain unhandled window messages, an attacker can cause application termination and thereby bypass the KAV self-protection mechanism. |
| CVE-2016-4307 | Medium | 0.36 | 5.5 | 0.01 | Jan 6, 2017 | A denial of service vulnerability exists in the IOCTL handling functionality of the Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in the KL1 kernel driver, resulting in local system denial of service. An attacker can run a program… |
| CVE-2016-4306 | Medium | 0.36 | 5.5 | 0.01 | Jan 6, 2017 | Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel… |
| CVE-2016-4305 | Medium | 0.36 | 5.5 | 0.00 | Jan 6, 2017 | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program… |
| CVE-2016-4304 | Medium | 0.36 | 5.5 | 0.00 | Jan 6, 2017 | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in local denial of service. An… |
| CVE-2024-13614 | Medium | 0.34 | 5.3 | 0.00 | Feb 6, 2025 | Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky… |