Vulnerabilities > Kaspersky
|2021-05-14||CVE-2020-27020|| Inadequate Encryption Strength vulnerability in Kaspersky Password Manager 9.2 |
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases.
| 5.0 |
|2021-04-01||CVE-2021-26718|| Incorrect Authorization vulnerability in Kaspersky Internet Security |
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
| 2.1 |
|2021-02-26||CVE-2020-26200|| Incorrect Authorization vulnerability in Kaspersky Endpoint Security and Rescue Disk |
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity.
| 4.6 |
|2021-01-26||CVE-2020-36200|| Server-Side Request Forgery (SSRF) vulnerability in Kaspersky Tinycheck |
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
| 4.0 |
|2021-01-26||CVE-2020-36199|| Command Injection vulnerability in Kaspersky Tinycheck |
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
| 7.5 |
|2021-01-19||CVE-2020-35929|| Use of Hard-coded Credentials vulnerability in Kaspersky Tinycheck |
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool.
| 5.0 |
|2020-12-04||CVE-2020-28950|| Uncontrolled Search Path Element vulnerability in Kaspersky Anti-Ransomware Tool 4.0 |
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
| 6.9 |
|2020-09-02||CVE-2020-25045|| Uncontrolled Search Path Element vulnerability in Kaspersky Security Center and Security Center web Console |
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
| 4.4 |
|2020-09-02||CVE-2020-25044|| Unspecified vulnerability in Kaspersky Virus Removal Tool |
Kaspersky Virus Removal Tool (KVRT) prior to 188.8.131.52 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.
| 3.6 |
|2020-09-02||CVE-2020-25043|| Unspecified vulnerability in Kaspersky VPN Secure Connection |
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
| 3.6 |