Kaspersky : Security Vulnerabilities, CVEs, CVSS score >= 9
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Max CVSS: 9.8; EPSS Score: 0.33%; Published: 2022-04-01; Updated: 2022-04-08
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
Max CVSS: 9.8; EPSS Score: 0.18%; Published: 2021-01-26; Updated: 2021-07-21
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
Max CVSS: 9.8; EPSS Score: 0.22%; Published: 2021-01-19; Updated: 2021-01-29
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allows arbitrary code execution.
Max CVSS: 9.0; EPSS Score: 0.10%; Published: 2019-05-08; Updated: 2020-08-24
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
Max CVSS: 10.0; EPSS Score: 0.46%; Published: 2018-02-06; Updated: 2018-02-23
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
Max CVSS: 9.8; EPSS Score: 0.22%; Published: 2017-08-25; Updated: 2021-06-17
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
Max CVSS: 10.0; EPSS Score: 1.57%; Published: 2017-07-17; Updated: 2017-08-12
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS: 10.0; EPSS Score: 0.18%; Published: 2009-09-11; Updated: 2009-09-14
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.
Max CVSS: 10.0; EPSS Score: 0.80%; Published: 2001-10-18; Updated: 2018-11-28
9 vulnerabilities found