Vulnerabilities > Kaspersky
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-15685 | Unspecified vulnerability in Kaspersky products Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. | 4.3 |
| 2019-11-25 | CVE-2019-15684 | Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. | 4.3 |
| 2019-07-18 | CVE-2019-8286 | Information Exposure vulnerability in Kaspersky products Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). | 4.3 |
| 2019-05-08 | CVE-2019-8285 | Out-of-bounds Write vulnerability in Kaspersky Antivirus Engine Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution | 8.8 |
| 2018-04-19 | CVE-2018-6306 | Untrusted Search Path vulnerability in Kaspersky Password Manager Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | 7.8 |
| 2018-02-06 | CVE-2018-6291 | Cross-site Scripting vulnerability in Kaspersky Secure Mail Gateway 1.1 WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | 6.1 |
| 2018-02-06 | CVE-2018-6290 | Unspecified vulnerability in Kaspersky Secure Mail Gateway 1.1 Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. | 7.8 |
| 2018-02-06 | CVE-2018-6289 | Injection vulnerability in Kaspersky Secure Mail Gateway 1.1 Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | 9.8 |
| 2018-02-06 | CVE-2018-6288 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Secure Mail Gateway 1.1 Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | 8.8 |
| 2017-12-08 | CVE-2017-12823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kaspersky Embedded Systems Security 1.2.0.300/2.0.0.385 Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | 7.8 |