Kaspersky Lab

114 total · sorted by risk
  • CVE-2007-1879 · Apr 6, 2007
    risk 0.00 · cvss · epss 0.03

    The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that…

  • CVE-2007-1281 · Mar 6, 2007
    risk 0.00 · cvss · epss 0.03

    Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

  • CVE-2007-0125 · Jan 9, 2007
    risk 0.00 · cvss · epss 0.03

    Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial…

  • CVE-2006-6408 · Dec 10, 2006
    risk 0.00 · cvss · epss 0.02

    Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

  • CVE-2006-4265 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.01

    Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode.

  • CVE-2006-1091 · Mar 9, 2006
    risk 0.00 · cvss · epss 0.03

    Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors.

  • CVE-2005-3664 · Nov 18, 2005
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file.

  • CVE-2005-3663 · Nov 18, 2005
    risk 0.00 · cvss · epss 0.00

    Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

  • CVE-2005-3376 · Oct 30, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still…

  • CVE-2005-3210 · Oct 14, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as…

  • CVE-2005-2582 · Aug 16, 2005
    risk 0.00 · cvss · epss 0.00

    Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent…

  • CVE-2003-1444 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.

  • CVE-2003-1443 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.

  • CVE-2002-2337 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.

Page 3 of 3