cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-26718,https://securityvulnerability.io/vulnerability/CVE-2021-26718,,KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.,Kaspersky,Kaspersky Internet Security For Mac,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-04-01T18:00:59.000Z,0
CVE-2019-15689,https://securityvulnerability.io/vulnerability/CVE-2019-15689,,"Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products",Kaspersky,"Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2019-12-02T20:43:52.000Z,0
CVE-2019-15687,https://securityvulnerability.io/vulnerability/CVE-2019-15687,,"Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",6.5,MEDIUM,0.004110000096261501,false,false,false,false,,false,false,2019-11-26T15:45:17.000Z,0
CVE-2019-15686,https://securityvulnerability.io/vulnerability/CVE-2019-15686,,"Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",4.3,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2019-11-26T15:44:49.000Z,0
CVE-2019-15685,https://securityvulnerability.io/vulnerability/CVE-2019-15685,,"Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",4.3,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2019-11-26T15:44:19.000Z,0
CVE-2019-15688,https://securityvulnerability.io/vulnerability/CVE-2019-15688,,"Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",6.1,MEDIUM,0.0007300000288523734,false,false,false,false,,false,false,2019-11-26T15:32:17.000Z,0
CVE-2019-8286,https://securityvulnerability.io/vulnerability/CVE-2019-8286,,"Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security",4.3,MEDIUM,0.0009800000116229057,false,false,false,false,,false,false,2019-07-18T18:34:15.000Z,0
CVE-2017-12817,https://securityvulnerability.io/vulnerability/CVE-2017-12817,,"In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.",Kaspersky,Kaspersky Kaspersky Internet Security For Android 11.12.4.1622,7.5,HIGH,0.001500000013038516,false,false,false,false,,false,false,2017-08-25T20:00:00.000Z,0
CVE-2017-12816,https://securityvulnerability.io/vulnerability/CVE-2017-12816,,"In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.",Kaspersky,Kaspersky Kaspersky Internet Security For Android 11.12.4.1622,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2017-08-25T20:00:00.000Z,0
CVE-2016-4304,https://securityvulnerability.io/vulnerability/CVE-2016-4304,,A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.,Kaspersky,Internet Security,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2017-01-06T21:00:00.000Z,0
CVE-2016-4307,https://securityvulnerability.io/vulnerability/CVE-2016-4307,,A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability.,Kaspersky,Internet Security,5.5,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2017-01-06T21:00:00.000Z,0
CVE-2016-4305,https://securityvulnerability.io/vulnerability/CVE-2016-4305,,A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.,Kaspersky,Internet Security,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2017-01-06T21:00:00.000Z,0
CVE-2014-5654,https://securityvulnerability.io/vulnerability/CVE-2014-5654,,"The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",Kaspersky,Kaspersky Internet Security,,,0.0007099999929778278,false,false,false,false,,false,false,2014-09-09T01:00:00.000Z,0
CVE-2010-5163,https://securityvulnerability.io/vulnerability/CVE-2010-5163,,"Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute",Kaspersky,Kaspersky Internet Security 2010,,,0.0004199999966658652,false,false,false,false,,false,false,2012-08-25T21:55:00.000Z,0
CVE-2009-4452,https://securityvulnerability.io/vulnerability/CVE-2009-4452,,"Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.",kaspersky,"Kaspersky Anti-virus Personal,Kaspersky Anti-virus 2009,Kaspersky Anti-virus,Kaspersky Anti-virus 2010,Kaspersky Internet Security 2010,Kaspersky Internet Security 2009,Kaspersky Internet Security",,,0.0004199999966658652,false,false,false,false,,false,false,2009-12-29T20:15:00.000Z,0
CVE-2009-2966,https://securityvulnerability.io/vulnerability/CVE-2009-2966,,"avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot ""."" characters.",Kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.17339999973773956,false,false,false,false,,false,false,2009-08-25T17:00:00.000Z,0
CVE-2009-2647,https://securityvulnerability.io/vulnerability/CVE-2009-2647,,"Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to ""an external script.""",Kaspersky,"Kaspersky Internet Security,Kaspersky Anti-virus",,,0.01819000020623207,false,false,false,false,,false,false,2009-07-30T19:00:00.000Z,0
CVE-2008-5426,https://securityvulnerability.io/vulnerability/CVE-2008-5426,,"Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many ""Content-type: message/rfc822;"" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.",kaspersky,Kaspersky Internet Security Suite,,,0.006899999920278788,false,false,false,false,,false,false,2008-12-11T15:00:00.000Z,0
CVE-2008-1518,https://securityvulnerability.io/vulnerability/CVE-2008-1518,,Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.,kaspersky,"Kaspersky Internet Security,Kaspersky Anti-virus",,,0.0004199999966658652,false,false,false,false,,false,false,2008-06-05T20:21:00.000Z,0
CVE-2007-5086,https://securityvulnerability.io/vulnerability/CVE-2007-5086,,"Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that ""it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.""",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.0004199999966658652,false,false,false,false,,false,false,2007-09-26T10:00:00.000Z,0
CVE-2007-5043,https://securityvulnerability.io/vulnerability/CVE-2007-5043,,"Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook.  NOTE: this issue may partially overlap CVE-2006-3074.",kaspersky,Kaspersky Internet Security,,,0.0004199999966658652,false,false,false,false,,false,false,2007-09-24T00:00:00.000Z,0
CVE-2007-1880,https://securityvulnerability.io/vulnerability/CVE-2007-1880,,"Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned ""data size argument,"" which results in a heap overflow.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.0010499999625608325,false,false,false,false,,false,false,2007-04-06T00:00:00.000Z,0
CVE-2007-1112,https://securityvulnerability.io/vulnerability/CVE-2007-1112,,"Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to ""download"" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.04222999885678291,false,false,false,false,,false,false,2007-04-06T00:00:00.000Z,0
CVE-2007-0445,https://securityvulnerability.io/vulnerability/CVE-2007-0445,,"Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.47804999351501465,false,false,false,false,,false,false,2007-04-06T00:00:00.000Z,0
CVE-2007-1879,https://securityvulnerability.io/vulnerability/CVE-2007-1879,,The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.  NOTE: this issue might be related to CVE-2007-1112.,kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.018300000578165054,false,false,false,false,,false,false,2007-04-06T00:00:00.000Z,0