Vulnerabilities > Kaspersky

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-9813 Cross-site Scripting vulnerability in Kaspersky Anti-Virus FOR Linux Server
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
network
kaspersky CWE-79
4.3
2017-07-17 CVE-2017-9812 Information Exposure vulnerability in Kaspersky Anti-Virus FOR Linux Server
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
network
low complexity
kaspersky CWE-200
5.0
2017-07-17 CVE-2017-9811 Improper Input Validation vulnerability in Kaspersky Anti-Virus FOR Linux Server
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312).
network
low complexity
kaspersky CWE-20
critical
10.0
2017-07-17 CVE-2017-9810 Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Anti-Virus FOR Linux Server
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312).
network
kaspersky CWE-352
6.8
2017-01-06 CVE-2016-4329 Improper Input Validation vulnerability in Kaspersky Anti-Virus, Internet Security and Total Security
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software.
local
low complexity
kaspersky CWE-20
2.1
2017-01-06 CVE-2016-4307 Improper Access Control vulnerability in Kaspersky Internet Security 16.0.0
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver.
local
low complexity
kaspersky CWE-284
2.1
2017-01-06 CVE-2016-4306 Information Exposure vulnerability in Kaspersky Total Security 16.0.0.614
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver.
local
low complexity
kaspersky CWE-200
2.1
2017-01-06 CVE-2016-4305 Improper Access Control vulnerability in Kaspersky Internet Security 16.0.0
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver.
local
low complexity
kaspersky CWE-284
2.1
2017-01-06 CVE-2016-4304 Improper Access Control vulnerability in Kaspersky Internet Security 16.0.0
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver.
local
low complexity
kaspersky CWE-284
2.1
2016-08-25 CVE-2016-6231 Information Exposure vulnerability in Kaspersky Safe Browser
Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.
network
kaspersky CWE-200
4.3