Vulnerabilities > Kaspersky
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-25 | CVE-2017-12816 | Incorrect Permission Assignment for Critical Resource vulnerability in Kaspersky Internet Security 11.12.4.1622 | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | 9.8 |
2017-07-17 | CVE-2017-9813 | Cross-site Scripting vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | 6.1 |
2017-07-17 | CVE-2017-9812 | Information Exposure vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 | The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. | 7.5 |
2017-07-17 | CVE-2017-9811 | Improper Input Validation vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 | The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). | 9.8 |
2017-07-17 | CVE-2017-9810 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 | There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). | 8.8 |
2017-01-06 | CVE-2016-4329 | Improper Input Validation vulnerability in Kaspersky Anti-Virus, Internet Security and Total Security | A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. | 5.5 |
2017-01-06 | CVE-2016-4307 | Improper Access Control vulnerability in Kaspersky Internet Security 16.0.0 | A denial of service vulnerability exists in the IOCTL handling functionality of the Kaspersky Internet Security KL1 driver. | 5.5 |
2017-01-06 | CVE-2016-4306 | Information Exposure vulnerability in Kaspersky Total Security 16.0.0.614 | Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. | 5.5 |
2017-01-06 | CVE-2016-4305 | Improper Access Control vulnerability in Kaspersky Internet Security 16.0.0 | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. | 5.5 |
2017-01-06 | CVE-2016-4304 | Improper Access Control vulnerability in Kaspersky Internet Security 16.0.0 | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. | 5.5 |