Vulnerabilities > Kaspersky
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-05 | CVE-2022-27535 | Unspecified vulnerability in Kaspersky VPN Secure Connection 5.0 Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker. | 7.8 |
| 2022-04-01 | CVE-2021-27223 | Unspecified vulnerability in Kaspersky products A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. | 5.5 |
| 2022-04-01 | CVE-2022-27534 | Unspecified vulnerability in Kaspersky products Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. | 9.8 |
| 2021-11-23 | CVE-2021-35052 | Improper Privilege Management vulnerability in Kaspersky Password Manager 9.0.2 A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | 7.8 |
| 2021-11-03 | CVE-2021-35053 | Unspecified vulnerability in Kaspersky Endpoint Security 11.1.0/11.6.0 Possible system denial of service in case of arbitrary changing Firefox browser parameters. | 7.5 |
| 2021-05-14 | CVE-2020-27020 | Inadequate Encryption Strength vulnerability in Kaspersky Password Manager 9.0.2/9.2 Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. | 7.5 |
| 2021-04-01 | CVE-2021-26718 | Incorrect Authorization vulnerability in Kaspersky Internet Security KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. | 5.5 |
| 2021-02-26 | CVE-2020-26200 | Improper Authentication vulnerability in Kaspersky Endpoint Security and Rescue Disk A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. | 6.8 |
| 2021-01-26 | CVE-2020-36200 | Server-Side Request Forgery (SSRF) vulnerability in Kaspersky Tinycheck TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs. | 6.5 |
| 2021-01-26 | CVE-2020-36199 | OS Command Injection vulnerability in Kaspersky Tinycheck TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | 9.8 |