
CVE-2024-13614
https://notcve.org/view.php?id=CVE-2024-13614
06 Feb 2025 — Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buff... • https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-23349
https://notcve.org/view.php?id=CVE-2023-23349
22 Mar 2024 — Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials. • https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324 • CWE-316: Cleartext Storage of Sensitive Information in Memory •

CVE-2022-27535
https://notcve.org/view.php?id=CVE-2022-27535
05 Aug 2022 — Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by a local authenticated attacker. • https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742 •

CVE-2022-27534
https://notcve.org/view.php?id=CVE-2022-27534
01 Apr 2022 — Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2 •

CVE-2021-27223
https://notcve.org/view.php?id=CVE-2021-27223
01 Apr 2022 — A denial-of-service issue existed in one of the modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause a Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1 •

CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
23 Nov 2021 — A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 • CWE-269: Improper Privilege Management •

CVE-2021-35053 – Kaspersky Total Security Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-35053
03 Nov 2021 — Possible system denial of service in case of arbitrary changes to Firefox browser parameters. An attacker could change a specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021 •

CVE-2020-27020
https://notcve.org/view.php?id=CVE-2020-27020
14 May 2021 — The password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421 • CWE-326: Inadequate Encryption Strength •

CVE-2021-26718
https://notcve.org/view.php?id=CVE-2021-26718
01 Apr 2021 — KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321 • CWE-863: Incorrect Authorization •

CVE-2020-26200
https://notcve.org/view.php?id=CVE-2020-26200
26 Feb 2021 — A component of the Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to an insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed the UEFI Secure Boot security feature to be bypassed. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify t... • https://github.com/CVEProject/cvelist/blob/master/2020/26xxx/CVE-2020-26200.json • CWE-287: Improper Authentication •