CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15688
https://notcve.org/view.php?id=CVE-2019-15688
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no informó adecuadamente al usuario sobre la amenaza de redireccionar a un sitio no seguro . Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8286
https://notcve.org/view.php?id=CVE-2019-8286
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 La divulgación de información en Kaspersky Anti-Virus, Kaspersky Internet Security, las versiones de Kaspersky Total Security hasta 2019 podrían revelar una identificación de producto única al obligar a la víctima a visitar una página web especialmente diseñada (por ejemplo, haciendo clic en el enlace de phishing). La vulnerabilidad tiene CVSS v3.0 puntuación base 2.6 • http://www.securityfocus.com/bid/109300 https://support.kaspersky.com/general/vulnerability.aspx?el=12430#110719 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 95%CPEs: 1EXPL: 1CVE-2010-3189 – Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3189
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. La función extSetOwner en el control ActiveX UfProxyBrowserCtrl (UfPBCtrl.dll) en Trend Micro Internet Security Pro 2010 permite a atacantes remotos ejecutar código de su elección a través de una dirección no válida que es desreferenciada como puntero. • https://www.exploit-db.com/exploits/15168 http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx http://secunia.com/advisories/41140 http://www.securityfocus.com/archive/1/513327/100/0/threaded http://www.securitytracker.com/id?1024364 http://www.vupen.com/english/advisories/2010/2185 http://www.zerodayinitiative.com/advisories/ZDI-10-165 https://exchange.xforce.ibmcloud.com/vulnerabilities/61397 https://oval.cisecurity.org/repository/search/definition/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •