Vulnerabilities > Kaspersky > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-15686 | Unspecified vulnerability in Kaspersky products Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. network kaspersky | 5.8 |
| 2019-11-26 | CVE-2019-15685 | Unspecified vulnerability in Kaspersky products Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. network kaspersky | 4.3 |
| 2019-11-25 | CVE-2019-15684 | Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. | 4.3 |
| 2019-07-18 | CVE-2019-8286 | Information Exposure vulnerability in Kaspersky products Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). | 4.3 |
| 2018-04-19 | CVE-2018-6306 | Untrusted Search Path vulnerability in Kaspersky Password Manager Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | 6.8 |
| 2018-02-06 | CVE-2018-6291 | Cross-site Scripting vulnerability in Kaspersky Secure Mail Gateway 1.1 WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | 4.3 |
| 2018-02-06 | CVE-2018-6288 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Secure Mail Gateway 1.1 Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | 6.8 |
| 2017-12-08 | CVE-2017-12823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kaspersky Embedded Systems Security 1.2.0.300/2.0.0.385 Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | 4.6 |
| 2017-08-25 | CVE-2017-12817 | Missing Encryption of Sensitive Data vulnerability in Kaspersky Internet Security 11.12.4.1622 In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | 5.0 |
| 2017-07-17 | CVE-2017-9813 | Cross-site Scripting vulnerability in Kaspersky Anti-Virus FOR Linux Server In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | 4.3 |