CVE-2019-15687
https://notcve.org/view.php?id=CVE-2019-15687
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection era vulnerable a una divulgación remota de diversa información sobre el sistema del usuario (como versión de Window y versión del producto, ID único del host). Divulgación de Información. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVE-2019-15686
https://notcve.org/view.php?id=CVE-2019-15686
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permitió a un atacante deshabilitar remotamente varias funcionalidades de protección antivirus. Denegación de Servicio, Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVE-2019-15685
https://notcve.org/view.php?id=CVE-2019-15685
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection permitió a un atacante deshabilitar remotamente las funcionalidades de seguridad del producto tales como navegación privada y anti-banner. Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 •
CVE-2019-15688
https://notcve.org/view.php?id=CVE-2019-15688
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud hasta el 2020, el componente web protection no informó adecuadamente al usuario sobre la amenaza de redireccionar a un sitio no seguro . Omisión. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2019-18654
https://notcve.org/view.php?id=CVE-2019-18654
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. Se presenta un problema de tipo Cross Site Scripting (XSS) en AVG AntiVirus (Internet Security Edition) versión 19.3.3084 build 19.3.4241.440, en la ventana emergente de notificación de red, permitiendo a un atacante ejecutar código JavaScript por medio de un nombre SSID. • http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop https://medium.com/%40YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •