cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13614,https://securityvulnerability.io/vulnerability/CVE-2024-13614,Kernel Memory Buffer Vulnerability in Kaspersky Products,"Kaspersky has identified a memory corruption vulnerability across multiple products that allows an authenticated attacker to overwrite data beyond a designated kernel memory buffer, potentially compromising system integrity. The issue has been addressed through automatic updates for all Kaspersky Endpoint products to ensure seamless protection for users.",Kaspersky,"Kaspersky Anti-virus Sdk For Windows,Kaspersky Security For Virtualization Light Agent,Kaspersky Endpoint Security For Windows,Kaspersky Small Office Security,Kaspersky For Windows (standard, Plus, Premium),Kaspersky Free,Kaspersky Anti-virus,Kaspersky Internet Security,Kaspersky Security Cloud,Kaspersky Safe Kids,Kaspersky Anti-ransomware Tool",5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-06T16:13:08.173Z,false,false,false,,2025-02-06T16:13:08.173Z,0
CVE-2021-27223,https://securityvulnerability.io/vulnerability/CVE-2021-27223,Denial-of-Service Vulnerability in Kaspersky Anti-Virus and Endpoint Security,"A denial-of-service vulnerability was found in Kaspersky Anti-Virus and Kaspersky Endpoint Security, allowing a local user to trigger system crashes by executing a specially designed binary module. The flaw posed a risk to users by potentially leading to significant system downtime. Kaspersky has addressed this issue with an automatic fix, ensuring enhanced protection against future exploits. Security researchers and developers credited with identifying and addressing this vulnerability have advanced the safety and integrity of Kaspersky products.",Kaspersky,Kaspersky Anti-virus Products For Home And Kaspersky Endpoint Security,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2022-27534,https://securityvulnerability.io/vulnerability/CVE-2022-27534,Data Parsing Flaw in Kaspersky Products for Home and Endpoint Security,"A vulnerability in Kaspersky Anti-Virus and Kaspersky Endpoint Security products allowed arbitrary code execution due to a flaw in the data parsing module. This issue affected antivirus database versions released prior to 12 March 2022, posing a potential risk to user systems. Kaspersky has since implemented an automatic fix to address this issue.",Kaspersky,Kaspersky Anti-virus Products For Home And Kaspersky Endpoint Security,9.8,CRITICAL,0.005619999952614307,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2019-15687,https://securityvulnerability.io/vulnerability/CVE-2019-15687,Information Disclosure Vulnerability in Kaspersky Anti-Virus and Related Products,"Certain Kaspersky products, including Kaspersky Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Small Office Security, and Security Cloud up to the year 2020, exhibit a vulnerability in their web protection component. This vulnerability allows for remote disclosure of sensitive information regarding the user's system, such as the Windows version, the specific product version, and a unique host identifier. Attackers could exploit this weakness to gain insights into the system's configuration and potentially target the users.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",6.5,MEDIUM,0.004110000096261501,false,,false,false,false,,,false,false,,2019-11-26T15:45:17.000Z,0
CVE-2019-15686,https://securityvulnerability.io/vulnerability/CVE-2019-15686,Remote Attack Vulnerabilities in Kaspersky Security Products,"The web protection component of Kaspersky security solutions is susceptible to vulnerabilities that enable remote attackers to disable critical antivirus features. This could potentially lead to a denial-of-service condition and evasion of security protocols, increasing the risk of malicious activity on affected systems. Users are advised to update their Kaspersky products to mitigate this issue.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",4.3,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-11-26T15:44:49.000Z,0
CVE-2019-15685,https://securityvulnerability.io/vulnerability/CVE-2019-15685,Remote Security Feature Bypass in Kaspersky Products,"An issue in Kaspersky's web protection component allowed attackers to remotely disable critical security features, such as private browsing and anti-banner options, in various Kaspersky products released up to 2020. This vulnerability poses a significant risk as it undermines the core functionalities intended to protect users from online threats. Effective measures should be taken to address this vulnerability and safeguard systems.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",4.3,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-11-26T15:44:19.000Z,0
CVE-2019-15688,https://securityvulnerability.io/vulnerability/CVE-2019-15688,Web Protection Bypass in Kaspersky Products,"The web protection component in various Kaspersky products fails to adequately alert users regarding the risks associated with redirecting to potentially harmful sites. This weakness could allow attackers to bypass security measures, exposing users to untrusted domains without proper warnings, thus compromising the integrity of the users' browsing experience.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",6.1,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-11-26T15:32:17.000Z,0
CVE-2019-8286,https://securityvulnerability.io/vulnerability/CVE-2019-8286,Information Disclosure in Kaspersky Products,"A vulnerability in Kaspersky Anti-Virus, Kaspersky Internet Security, and Kaspersky Total Security could allow for information disclosure of unique Product IDs. This occurs when a user is coerced into visiting a malicious or specially crafted webpage, potentially through phishing tactics. This underscores the importance of user awareness and robust security measures to protect sensitive data from exploitation.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security",4.3,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2019-07-18T18:34:15.000Z,0
CVE-2009-4452,https://securityvulnerability.io/vulnerability/CVE-2009-4452,,"Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.",kaspersky,"Kaspersky Anti-virus Personal,Kaspersky Anti-virus 2009,Kaspersky Anti-virus,Kaspersky Anti-virus 2010,Kaspersky Internet Security 2010,Kaspersky Internet Security 2009,Kaspersky Internet Security",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2009-12-29T20:15:00.000Z,0
CVE-2009-4114,https://securityvulnerability.io/vulnerability/CVE-2009-4114,,"kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.",Kaspersky,Kaspersky Anti-virus,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2009-11-30T21:00:00.000Z,0
CVE-2009-3177,https://securityvulnerability.io/vulnerability/CVE-2009-3177,,"Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) ""Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)"" and (2) ""Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)."" NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.",Kaspersky,"Kaspersky Anti-virus Scanner,Kaspersky Online Scanner",,,0.0033199999015778303,false,,false,false,false,,,false,false,,2009-09-11T20:30:00.000Z,0
CVE-2009-2966,https://securityvulnerability.io/vulnerability/CVE-2009-2966,,"avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot ""."" characters.",Kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.17339999973773956,false,,false,false,false,,,false,false,,2009-08-25T17:00:00.000Z,0
CVE-2009-2647,https://securityvulnerability.io/vulnerability/CVE-2009-2647,,"Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to ""an external script.""",Kaspersky,"Kaspersky Internet Security,Kaspersky Anti-virus",,,0.01819000020623207,false,,false,false,false,,,false,false,,2009-07-30T19:00:00.000Z,0
CVE-2009-0449,https://securityvulnerability.io/vulnerability/CVE-2009-0449,,Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.,kaspersky,Kaspersky Anti-virus,,,0.0011699999449774623,false,,false,false,false,,,false,false,,2009-02-10T07:00:00.000Z,0
CVE-2008-1518,https://securityvulnerability.io/vulnerability/CVE-2008-1518,,Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.,kaspersky,"Kaspersky Internet Security,Kaspersky Anti-virus",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2008-06-05T20:21:00.000Z,0
CVE-2007-5086,https://securityvulnerability.io/vulnerability/CVE-2007-5086,,"Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that ""it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.""",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2007-09-26T10:00:00.000Z,0
CVE-2007-3906,https://securityvulnerability.io/vulnerability/CVE-2007-3906,,Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors.  NOTE: it is not clear whether there is an attacker role.,kaspersky,Kaspersky Anti-virus 5.5 For Check Point Firewall-,,,0.004749999847263098,false,,false,false,false,,,false,false,,2007-07-19T17:00:00.000Z,0
CVE-2007-1879,https://securityvulnerability.io/vulnerability/CVE-2007-1879,,The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.  NOTE: this issue might be related to CVE-2007-1112.,kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.018300000578165054,false,,false,false,false,,,false,false,,2007-04-06T00:00:00.000Z,0
CVE-2007-1880,https://securityvulnerability.io/vulnerability/CVE-2007-1880,,"Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned ""data size argument,"" which results in a heap overflow.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.0010499999625608325,false,,false,false,false,,,false,false,,2007-04-06T00:00:00.000Z,0
CVE-2007-1112,https://securityvulnerability.io/vulnerability/CVE-2007-1112,,"Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to ""download"" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.04222999885678291,false,,false,false,false,,,false,false,,2007-04-06T00:00:00.000Z,0
CVE-2007-0445,https://securityvulnerability.io/vulnerability/CVE-2007-0445,,"Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.47804999351501465,false,,false,false,false,,,false,false,,2007-04-06T00:00:00.000Z,0
CVE-2007-1881,https://securityvulnerability.io/vulnerability/CVE-2007-1881,,"Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.",kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2007-04-06T00:00:00.000Z,0
CVE-2006-6408,https://securityvulnerability.io/vulnerability/CVE-2006-6408,,"Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.",kaspersky,Kaspersky Anti-virus,,,0.004980000201612711,false,,false,false,false,,,false,false,,2006-12-10T02:00:00.000Z,0
CVE-2006-4926,https://securityvulnerability.io/vulnerability/CVE-2006-4926,,"The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.",kaspersky,"Kaspersky Anti-virus Personal Pro,Kaspersky Anti-virus Personal,Kaspersky Anti-virus,Kaspersky Internet Security",,,0.007530000060796738,false,,false,false,false,,,false,false,,2006-10-20T22:00:00.000Z,0
CVE-2006-3074,https://securityvulnerability.io/vulnerability/CVE-2006-3074,,"klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.",Kaspersky,"Kaspersky Anti-virus,Kaspersky Internet Security",,,0.011730000376701355,false,,false,false,false,,,false,false,,2006-06-19T10:00:00.000Z,0