Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Max CVSS
9.8
EPSS Score
0.33%
Published
2022-04-01
Updated
2022-04-08
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
Max CVSS
9.8
EPSS Score
0.18%
Published
2021-01-26
Updated
2021-07-21
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-01-19
Updated
2021-01-29
Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution
Max CVSS
9.0
EPSS Score
0.10%
Published
2019-05-08
Updated
2020-08-24
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
Max CVSS
10.0
EPSS Score
0.46%
Published
2018-02-06
Updated
2018-02-23
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
Max CVSS
9.8
EPSS Score
0.22%
Published
2017-08-25
Updated
2021-06-17
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
Max CVSS
10.0
EPSS Score
1.57%
Published
2017-07-17
Updated
2017-08-12
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS
10.0
EPSS Score
0.18%
Published
2009-09-11
Updated
2009-09-14
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.
Max CVSS
10.0
EPSS Score
0.80%
Published
2001-10-18
Updated
2018-11-28
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!