Vulnerabilities > Kaspersky
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-18 | CVE-2019-8286 | Information Exposure vulnerability in Kaspersky products Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). | 4.3 |
| 2019-05-08 | CVE-2019-8285 | Out-of-bounds Write vulnerability in Kaspersky Antivirus Engine Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution | 9.0 |
| 2018-04-19 | CVE-2018-6306 | Untrusted Search Path vulnerability in Kaspersky Password Manager Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | 6.8 |
| 2018-02-06 | CVE-2018-6291 | Cross-site Scripting vulnerability in Kaspersky Secure Mail Gateway 1.1 WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | 4.3 |
| 2018-02-06 | CVE-2018-6290 | Unspecified vulnerability in Kaspersky Secure Mail Gateway 1.1 Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. | 7.2 |
| 2018-02-06 | CVE-2018-6289 | Injection vulnerability in Kaspersky Secure Mail Gateway 1.1 Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | 10.0 |
| 2018-02-06 | CVE-2018-6288 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Secure Mail Gateway 1.1 Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | 6.8 |
| 2017-12-08 | CVE-2017-12823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kaspersky Embedded Systems Security 1.2.0.300/2.0.0.385 Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | 4.6 |
| 2017-08-25 | CVE-2017-12817 | Missing Encryption of Sensitive Data vulnerability in Kaspersky Internet Security 11.12.4.1622 In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | 5.0 |
| 2017-08-25 | CVE-2017-12816 | Incorrect Permission Assignment for Critical Resource vulnerability in Kaspersky Internet Security 11.12.4.1622 In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | 7.5 |