Vulnerabilities > Kaspersky > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-35052 Improper Privilege Management vulnerability in Kaspersky Password Manager 9.0.2
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
local
low complexity
kaspersky CWE-269
4.6
2021-05-14 CVE-2020-27020 Inadequate Encryption Strength vulnerability in Kaspersky Password Manager 9.2
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases.
network
low complexity
kaspersky CWE-326
5.0
2021-02-26 CVE-2020-26200 Incorrect Authorization vulnerability in Kaspersky Endpoint Security and Rescue Disk
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity.
local
low complexity
kaspersky CWE-863
4.6
2021-01-26 CVE-2020-36200 Server-Side Request Forgery (SSRF) vulnerability in Kaspersky Tinycheck
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
network
low complexity
kaspersky CWE-918
4.0
2021-01-19 CVE-2020-35929 Use of Hard-coded Credentials vulnerability in Kaspersky Tinycheck
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool.
network
low complexity
kaspersky CWE-798
5.0
2020-12-04 CVE-2020-28950 Uncontrolled Search Path Element vulnerability in Kaspersky Anti-Ransomware Tool 4.0
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
6.9
2020-09-02 CVE-2020-25045 Uncontrolled Search Path Element vulnerability in Kaspersky Security Center and Security Center web Console
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
4.4
2019-12-02 CVE-2019-15689 Exposure of Resource to Wrong Sphere vulnerability in Kaspersky products
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights.
local
low complexity
kaspersky CWE-668
4.6
2019-11-26 CVE-2019-15688 Open Redirect vulnerability in Kaspersky products
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site.
network
kaspersky CWE-601
5.8
2019-11-26 CVE-2019-15687 Information Exposure vulnerability in Kaspersky products
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID).
network
kaspersky CWE-200
4.3