CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

Possible system denial of service through arbitrary changes to Firefox browser parameters. An attacker could modify a specific Firefox browser parameters file in a certain way and then reboot the system to make it unbootable. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Kaspersky Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Kaspersky Lab Launcher.
• https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021
• https://www.zerodayinitiative.com/advisories/ZDI-21-1280
• https://www.zerodayinitiative.com/advisories/ZDI-22-431

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

The password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, the time of password generation).
• https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421
• CWE-326: Inadequate Encryption Strength

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

KIS for macOS was, in some use cases, vulnerable to an AV bypass that potentially allowed an attacker to disable anti-virus protection.
• https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321
• CWE-863: Incorrect Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

A component of the Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to an insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed bypassing the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.
• https://github.com/CVEProject/cvelist/blob/master/2020/26xxx/CVE-2020-26200.json
• https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221
• CWE-287: Improper Authentication

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to crafted URLs.
• https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h
• CWE-918: Server-Side Request Forgery (SSRF)