CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12823
https://notcve.org/view.php?id=CVE-2017-12823
08 Dec 2017 — Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. La corrupción del grupo de memoria del kernel en uno de los controladores en Kaspersky Embedded Systems Security 1.2.0.300 conduce a una escalada de privilegios. • http://www.securityfocus.com/bid/102141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12816
https://notcve.org/view.php?id=CVE-2017-12816
25 Aug 2017 — In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. En Kaspersky Internet Security para Android 11.12.4.1622, algunas de las actividades de exportación de aplicación tienen permisos débiles, lo que podría ser empleado por una aplicación malware para obtener acceso sin autorización a la funcionalidad de producto mediante ... • http://www.securityfocus.com/bid/100505 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12817
https://notcve.org/view.php?id=CVE-2017-12817
25 Aug 2017 — In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. En Kaspersky Internet Security para Android 11.12.4.1622, algunos de los archivos de seguimiento de aplicación no estaban cifrados. • http://www.securityfocus.com/bid/100504 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 5CVE-2017-9810 – Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-9810
29 Jun 2017 — There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. No existen tokens Anti-CSRF en ningún formulario en la interfaz web en Kaspersky Anti-Virus para Linux File Server anterior al paquete de mantenimiento 2 corrección crítica 4 (versión 8.0.4.312). Esto permitiría ... • https://packetstorm.news/files/id/143190 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 24%CPEs: 1EXPL: 5CVE-2017-9811 – Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-9811
29 Jun 2017 — The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. El kluser es capaz de interactuar con el binario kav4fs-control en Kaspersky Anti-Virus para Linux File Server anterior al paquete de mantenimiento 2 corrección crítica 4 (versión 8.0.4.312). Al violar las operaciones de lectura y escritur... • https://packetstorm.news/files/id/143190 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 27%CPEs: 1EXPL: 5CVE-2017-9812 – Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-9812
29 Jun 2017 — The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. El parámetro reportId del método de la acción getReportStatus puede ser violado en la interfaz web en Kaspersky Anti-Virus para Linux File Server anterior al paquete de mantenimiento 2 corrección crítica 4 (versión 8.0.4.312), para leer archivos arbitrarios con ... • https://packetstorm.news/files/id/143190 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 5CVE-2017-9813 – Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-9813
29 Jun 2017 — In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). En Kaspersky Anti-Virus para Linux File Server anterior al paquete de mantenimiento 2 corrección crítica 4 (versión 8.0.4.312), el parámetro scriptName del método de acción licenseKeyInfo es vulnerable a un problema de tipo cross-site scripting (XSS). Kaspersky Anti-Virus for Linux File Server ver... • https://packetstorm.news/files/id/143190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-4304
https://notcve.org/view.php?id=CVE-2016-4304
06 Jan 2017 — A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability. Existe una vulnerabilidad de denegación de servicio en la funcionalidad de filtrado syscall del controlador de Kaspersky Internet Security KLIF. Una petición de llamad... • http://securitytracker.com/id/1036702 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-4305
https://notcve.org/view.php?id=CVE-2016-4305
06 Jan 2017 — A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability. Existe una vulnerabilidad de denegación de servicio en la funcionalidad de filtrado syscall filtering del controlador Kaspersky Internet Security KLIF. Una llamada api nativa especialmente ... • http://securitytracker.com/id/1036702 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-4306
https://notcve.org/view.php?id=CVE-2016-4306
06 Jan 2017 — Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability. Existen múltiples fugas de información en varios manejadores IOCTL del control... • http://securitytracker.com/id/1036702 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •