CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15685
https://notcve.org/view.php?id=CVE-2019-15685
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15688
https://notcve.org/view.php?id=CVE-2019-15688
26 Nov 2019 — Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no inf... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15684
https://notcve.org/view.php?id=CVE-2019-15684
25 Nov 2019 — Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. Una extensión de Kaspersky Protection para el navegador web Google Chrome versiones anteriores a 30.112.62.0, era vulnerable a un acceso no autorizado a sus funcionalidades remotamente lo que podría conllevar a la eliminación de otras extensiones instaladas. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8286
https://notcve.org/view.php?id=CVE-2019-8286
18 Jul 2019 — Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6 La divulgación de información en Kaspersky Anti-Virus, Kaspersky Internet Security, las versiones de Kaspersky Total Security hasta 2019 podrían revelar una identificación de producto única al obligar a l... • http://www.securityfocus.com/bid/109300 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2019-8285
https://notcve.org/view.php?id=CVE-2019-8285
08 May 2019 — Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution La versión de Kaspersky Lab Antivirus Engine anterior al 04.apr.2019 tiene una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) que podría permitir la ejecución arbitraria de código. • http://www.securityfocus.com/bid/108284 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6306
https://notcve.org/view.php?id=CVE-2018-6306
19 Apr 2018 — Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. Ejecución de código no autorizado de un DLL específico, conocido como ataque de secuestro de DLL, en las versiones anteriores a la 8.0.6.538 de Kaspersky Password Manager. • https://support.kaspersky.com/vulnerability.aspx?el=12430#120418 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6290
https://notcve.org/view.php?id=CVE-2018-6290
06 Feb 2018 — Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Escalado de privilegios locales en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6288
https://notcve.org/view.php?id=CVE-2018-6288
06 Feb 2018 — Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Existe Cross-Site Request Forgery (CSRF) que conduce a la toma de control de una cuenta administrativa en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2018-6289
https://notcve.org/view.php?id=CVE-2018-6289
06 Feb 2018 — Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Inyección de archivos de configuración provoca ejecución de código como Root en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6291
https://notcve.org/view.php?id=CVE-2018-6291
06 Feb 2018 — WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Cross-Site Scripting (XSS) en WebConsole en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •