Kaspersky Lab

All CVEs

114 total · sorted by risk
  • CVE-2024-1619 · Feb 29, 2024
    risk 0.00 · cvss · epss 0.00

    Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.

  • CVE-2021-33972 · Apr 19, 2023
    risk 0.00 · cvss · epss 0.01

    Buffer overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows an attacker to escalate privileges.

  • CVE-2022-47524 · Dec 23, 2022
    risk 0.00 · cvss · epss 0.00

    F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack.

  • CVE-2022-38164 · Nov 7, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could mount a phishing attack with URL spoofing, as the browser only displays a certain part of the entire URL.

  • CVE-2022-38163 · Nov 7, 2022
    risk 0.00 · cvss · epss 0.01

    A drag-and-drop spoofing vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. A drag-and-drop operation by the user on the address bar could lead to spoofing of the address bar.

  • CVE-2022-27535 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by a local authenticated attacker.

  • CVE-2022-28873 · May 12, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit JavaScript window.open functionality in SAFE Browser, which could lead to address bar spoofing attacks.

  • CVE-2022-28872 · May 12, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.

  • CVE-2022-28869 · Apr 15, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number.

  • CVE-2022-28868 · Apr 15, 2022
    risk 0.00 · cvss · epss 0.01

    An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the…

  • CVE-2022-28870 · Apr 15, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.

  • CVE-2022-27534 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.03

    Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy…

  • CVE-2021-27223 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.00

    A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits:…

  • CVE-2021-44751 · Mar 25, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform…

  • CVE-2021-40835 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.01

    A URL address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL, if the user does not pay careful attention to the URL, the user may be tricked into thinking content may be coming from a valid domain, while it comes from…

  • CVE-2021-40834 · Dec 10, 2021
    risk 0.00 · cvss · epss 0.01

    A user interface overlay vulnerability was discovered in F-Secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing…

  • CVE-2021-35052 · Nov 23, 2021
    risk 0.00 · cvss · epss 0.00

    A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.

  • CVE-2021-35053 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.03

    Possible system denial of service through arbitrary changes to Firefox browser parameters. An attacker could change a specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.

  • CVE-2021-33596 · Aug 5, 2021
    risk 0.00 · cvss · epss 0.01

    Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL…

  • CVE-2020-27020 · May 14, 2021
    risk 0.00 · cvss · epss 0.01

    Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password…

  • CVE-2021-26718 · Apr 1, 2021
    risk 0.00 · cvss · epss 0.00

    KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.

  • CVE-2020-26200 · Feb 26, 2021
    risk 0.00 · cvss · epss 0.00

    A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky…

  • CVE-2020-28950 · Dec 4, 2020
    risk 0.00 · cvss · epss 0.00

    The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.

  • CVE-2020-25044 · Sep 2, 2020
    risk 0.00 · cvss · epss 0.00

    Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.

  • CVE-2020-25043 · Sep 2, 2020
    risk 0.00 · cvss · epss 0.00

    The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.

  • CVE-2020-25045 · Sep 2, 2020
    risk 0.00 · cvss · epss 0.00

    Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.

  • CVE-2020-6012 · Aug 4, 2020
    risk 0.00 · cvss · epss 0.01

    ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic…

  • CVE-2019-15689 · Dec 2, 2019
    risk 0.00 · cvss · epss 0.01

    Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have a bug that allows a local user to execute arbitrary code via execution of a compromised file placed by an attacker with administrator rights.…

  • CVE-2019-15687 · Nov 26, 2019
    risk 0.00 · cvss · epss 0.01

    Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's…

  • CVE-2019-15686 · Nov 26, 2019
    risk 0.00 · cvss · epss 0.01

    Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable various anti-virus protection features.…

  • CVE-2019-15685 · Nov 26, 2019
    risk 0.00 · cvss · epss 0.01

    Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker to remotely disable such product's security features as…

  • CVE-2019-15688 · Nov 26, 2019
    risk 0.00 · cvss · epss 0.02

    Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an…

  • CVE-2019-15684 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.00

    Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.

  • CVE-2019-8286 · Jul 18, 2019
    risk 0.00 · cvss · epss 0.02

    Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability…

  • CVE-2019-8285 · May 8, 2019
    risk 0.00 · cvss · epss 0.04

    Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allows arbitrary code execution.

  • CVE-2015-8579 · Dec 16, 2015
    risk 0.00 · cvss · epss 0.01

    Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

  • CVE-2014-5654 · Sep 9, 2014
    risk 0.00 · cvss · epss 0.00

    The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2010-5163 · Aug 25, 2012
    risk 0.00 · cvss · epss 0.00

    Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space…

  • CVE-2009-3177 · Sep 11, 2009
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0…

  • CVE-2009-2647 · Jul 30, 2009
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."

  • CVE-2008-5426 · Dec 11, 2008
    risk 0.00 · cvss · epss 0.01

    Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack…

  • CVE-2008-1518 · Jun 5, 2008
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.

  • CVE-2007-3675 · Oct 12, 2007
    risk 0.00 · cvss · epss 0.05

    Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger…

  • CVE-2007-5086 · Sep 26, 2007
    risk 0.00 · cvss · epss 0.00

    Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2)…

  • CVE-2007-5043 · Sep 24, 2007
    risk 0.00 · cvss · epss 0.00

    Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT…

  • CVE-2007-4206 · Aug 8, 2007
    risk 0.00 · cvss · epss 0.00

    Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.

  • CVE-2007-3906 · Jul 19, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role.

  • CVE-2007-3502 · Jun 30, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.

  • CVE-2007-1880 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.00

    Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via…

  • CVE-2007-1112 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.05

    Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted…