cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-27535,https://securityvulnerability.io/vulnerability/CVE-2022-27535,Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection for Windows,"Kaspersky VPN Secure Connection for Windows (versions up to 21.5) contains a vulnerability that allows local authenticated attackers to exploit the 'Delete All Service Data And Reports' feature. This could lead to arbitrary file deletion, enabling unauthorized access or modification of sensitive data, thereby compromising system integrity and security. Users of the affected versions are advised to update to the latest version to mitigate this risk.",Kaspersky,Kaspersky Vpn Secure Connection For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-05T16:47:46.000Z,0
CVE-2022-27534,https://securityvulnerability.io/vulnerability/CVE-2022-27534,Data Parsing Flaw in Kaspersky Products for Home and Endpoint Security,"A vulnerability in Kaspersky Anti-Virus and Kaspersky Endpoint Security products allowed arbitrary code execution due to a flaw in the data parsing module. This issue affected antivirus database versions released prior to 12 March 2022, posing a potential risk to user systems. Kaspersky has since implemented an automatic fix to address this issue.",Kaspersky,Kaspersky Anti-virus Products For Home And Kaspersky Endpoint Security,9.8,CRITICAL,0.005619999952614307,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2021-35052,https://securityvulnerability.io/vulnerability/CVE-2021-35052,Process Elevation Vulnerability in Kaspersky Password Manager,A vulnerability within Kaspersky Password Manager allows an attacker to escalate a process's integrity level from Medium to High. This could enable malicious actors to execute unauthorized actions and access sensitive information that would otherwise be protected. Users are encouraged to apply software updates provided by Kaspersky to mitigate the risks associated with this vulnerability.,Kaspersky,Kaspersky Password Manager For Windows,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-11-23T15:30:38.000Z,0
CVE-2021-35053,https://securityvulnerability.io/vulnerability/CVE-2021-35053,Denial of Service Vulnerability in Firefox Browser,"A vulnerability exists in the Firefox browser that may allow an attacker to alter specific browser parameters. By modifying these parameters and subsequently rebooting the system, the attacker can render the system unbootable. This poses a significant risk to users, as it may result in a complete disruption of access to the affected systems, highlighting the importance of maintaining updated security practices and browser configurations.",Kaspersky,Kaspersky Endpoint Security For Windows,7.5,HIGH,0.005940000060945749,false,,false,false,false,,,false,false,,2021-11-03T19:11:26.000Z,0
CVE-2020-27020,https://securityvulnerability.io/vulnerability/CVE-2020-27020,Weak Password Generation in Kaspersky Password Manager,"The password generator feature in Kaspersky Password Manager has been identified as having weaknesses in its cryptographic strength. This deficiency may allow an attacker, who possesses certain contextual knowledge such as the timing of password generation, to potentially predict the generated passwords. Users dependent on this feature should be aware of this limitation and consider implementing additional security measures to safeguard against possible password exposure.",Kaspersky,"Kaspersky Password Manager For Windows, Kaspersky Password Manager For Android, Kaspersky Password Manager For iOS",7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2021-05-14T11:00:04.000Z,0
CVE-2020-36199,https://securityvulnerability.io/vulnerability/CVE-2020-36199,Command Injection Vulnerability in TinyCheck Product by Kaspersky Lab,"TinyCheck by Kaspersky Lab is susceptible to command injection vulnerabilities due to improper validation of input parameters in multiple instances. This flaw allows attackers to potentially execute arbitrary commands in the context of the application, raising concerns over security in software development practices.",Kaspersky,Kaspersky Tinycheck,9.8,CRITICAL,0.0016199999954551458,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2020-35929,https://securityvulnerability.io/vulnerability/CVE-2020-35929,Security Flaw in TinyCheck Tool by Kaspersky Lab,"The installation script of TinyCheck prior to specific commits contains hard-coded credentials, creating potential loopholes for attackers to gain unauthorized access to sensitive backend components of the tool. This exposure can lead to unauthorized access to remote data, thus compromising the security integrity of the application.",Kaspersky,Tinycheck,9.8,CRITICAL,0.0016400000313296914,false,,false,false,false,,,false,false,,2021-01-19T16:53:36.000Z,0
CVE-2020-28950,https://securityvulnerability.io/vulnerability/CVE-2020-28950,DLL Hijacking Vulnerability in Kaspersky Anti-Ransomware Tool Installer,"The installer for Kaspersky Anti-Ransomware Tool prior to KART 4.0 Patch C is susceptible to a DLL hijacking vulnerability. This flaw allows attackers to manipulate the installation process, potentially enabling them to execute arbitrary code with elevated privileges. As a result, unauthorized access to system resources could occur during the installation phase, posing significant security risks to affected users.",Kaspersky,Kaspersky Anti-ransomware Tool,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-12-04T21:11:56.000Z,0
CVE-2020-25044,https://securityvulnerability.io/vulnerability/CVE-2020-25044,Arbitrary File Corruption Vulnerability in Kaspersky Virus Removal Tool,"The Kaspersky Virus Removal Tool, specifically versions prior to 15.0.23.0, is vulnerable to an arbitrary file corruption flaw. This vulnerability may allow an attacker to manipulate and eliminate the contents of any file on the affected system, posing significant risks to data integrity and security.",Kaspersky,Kaspersky Virus Removal Tool,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-02T19:29:54.000Z,0
CVE-2020-25043,https://securityvulnerability.io/vulnerability/CVE-2020-25043,Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection,The installer for Kaspersky VPN Secure Connection versions earlier than 5.0 contains a vulnerability that permits unauthorized users to delete any file from a target system. This flaw could be exploited by attackers to compromise system integrity and remove critical files. Vigilance and prompt updates are essential to safeguarding against this type of threat.,Kaspersky,Kaspersky Vpn Secure Connection,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-02T19:28:24.000Z,0
CVE-2020-25045,https://securityvulnerability.io/vulnerability/CVE-2020-25045,DLL Hijacking Vulnerability in Kaspersky Security Center and Web Console,"Kaspersky Security Center and its Web Console faced a critical issue where attackers could exploit a DLL hijacking flaw. This vulnerability permitted unauthorized elevation of privileges, allowing potential attackers to gain higher access within the system. It is essential for users of affected versions to apply security patches promptly to mitigate the risk of exploitation.",Kaspersky,Kaspersky Security Center & Kaspersky Security Center Web Console,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-09-02T19:25:10.000Z,0
CVE-2019-15695,https://securityvulnerability.io/vulnerability/CVE-2019-15695,Stack Buffer Overflow Vulnerability in TigerVNC Software by TigerVNC,"TigerVNC, an open-source implementation of VNC server and client, is prone to a stack buffer overflow vulnerability in versions prior to 1.10.1. The flaw arises from inadequate sanitization of the PixelFormat data in CMsgReader::readSetCursor function. This weakness allows an attacker to manipulate the buffer offset during network connectivity, leading to potential remote code execution. Proper updating to version 1.10.1 or later is crucial to mitigate this risk.",Kaspersky,Tigervnc,7.2,HIGH,0.0040799998678267,false,,false,false,false,,,false,false,,2019-12-26T15:24:00.000Z,0
CVE-2019-15694,https://securityvulnerability.io/vulnerability/CVE-2019-15694,Heap Buffer Overflow in TigerVNC Versions Prior to 1.10.1,"TigerVNC versions prior to 1.10.1 are affected by a heap buffer overflow vulnerability that occurs within the DecodeManager::decodeRect function. This security flaw arises from a signedness error during the processing of MemOutStream, which could allow an attacker to exploit the vulnerability through network connectivity. Successful exploitation may lead to remote code execution, posing significant risks to affected systems.",Kaspersky,Tigervnc,7.2,HIGH,0.0037799999117851257,false,,false,false,false,,,false,false,,2019-12-26T14:59:01.000Z,0
CVE-2019-15693,https://securityvulnerability.io/vulnerability/CVE-2019-15693,Heap Buffer Overflow in TigerVNC Prior to 1.10.1,"TigerVNC prior to version 1.10.1 contains a heap buffer overflow vulnerability in the TightDecoder::FilterGradient function. This flaw can be exploited over a network, potentially allowing an attacker to execute arbitrary code remotely, compromising the security of affected systems. Users are encouraged to upgrade to the latest version to mitigate this risk.",Kaspersky,Tigervnc,7.2,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2019-12-26T14:57:33.000Z,0
CVE-2019-15692,https://securityvulnerability.io/vulnerability/CVE-2019-15692,Heap Buffer Overflow Vulnerability in TigerVNC Software by Cendio,"TigerVNC versions earlier than 1.10.1 are susceptible to a heap buffer overflow, stemming from inadequate value checks within the CopyRectDecoder function. This vulnerability could be exploited remotely, potentially allowing attackers to execute arbitrary code on affected systems through network connectivity.",Kaspersky,Tigervnc,7.2,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2019-12-26T14:55:47.000Z,0
CVE-2019-15691,https://securityvulnerability.io/vulnerability/CVE-2019-15691,Stack Use-After-Return Vulnerability in TigerVNC,"TigerVNC versions prior to 1.10.1 are affected by a stack use-after-return vulnerability due to improper handling of stack memory in the ZRLEDecoder. When the decoding routine encounters an exception, it may attempt to access a stack variable that has already been deallocated during stack unwinding. This flaw could allow an attacker to execute arbitrary code remotely, especially if exploited over a network connection.",Kaspersky,Tigervnc,7.2,HIGH,0.008349999785423279,false,,false,false,false,,,false,false,,2019-12-26T14:52:46.000Z,0
CVE-2019-15683,https://securityvulnerability.io/vulnerability/CVE-2019-15683,Stack Buffer Overflow Vulnerability in TurboVNC Server by TurboVNC,"The TurboVNC Server contains a stack buffer overflow vulnerability that can lead to remote code execution. This flaw exists due to insufficient protection of the stack frame, which lacks a stack canary. Attackers could potentially exploit this vulnerability through network connectivity, provided they have the necessary authorization on the server. The issue has been addressed in a subsequent commit that mitigates the risk associated with this vulnerability.",Kaspersky,Turbovnc,9.8,CRITICAL,0.015809999778866768,false,,false,false,false,,,false,false,,2019-10-29T17:00:58.000Z,0
CVE-2019-15680,https://securityvulnerability.io/vulnerability/CVE-2019-15680,Denial of Service in TightVNC by Null Pointer Dereference,"TightVNC version 1.3.10 contains a vulnerability due to a null pointer dereference in the HandleZlibBPP function. This flaw can be exploited remotely, potentially resulting in a Denial of Service condition for affected systems. Users are advised to review their network configurations and security protocols to mitigate the risk of exploitation.",Kaspersky,Tightvnc,7.5,HIGH,0.00443999981507659,false,,false,false,false,,,false,false,,2019-10-29T16:45:52.000Z,0
CVE-2019-15679,https://securityvulnerability.io/vulnerability/CVE-2019-15679,Heap Buffer Overflow in TightVNC Affecting Code Version 1.3.10,"TightVNC version 1.3.10 is susceptible to a heap buffer overflow in the InitialiseRFBConnection function, potentially allowing attackers to execute arbitrary code. This vulnerability can be exploited remotely through network connections, posing serious security risks to systems running this version of TightVNC.",Kaspersky,Tightvnc,9.8,CRITICAL,0.01071999967098236,false,,false,false,false,,,false,false,,2019-10-29T16:45:04.000Z,0
CVE-2019-15678,https://securityvulnerability.io/vulnerability/CVE-2019-15678,Heap Buffer Overflow in TightVNC Remote Desktop Software,TightVNC version 1.3.10 is affected by a heap buffer overflow in the rfbServerCutText handler. This vulnerability may allow an attacker to execute arbitrary code on the target machine by exploiting the network connectivity. Proper security measures and updates are crucial to mitigate potential risks from this vulnerability.,Kaspersky,Tightvnc,9.8,CRITICAL,0.01071999967098236,false,,false,false,false,,,false,false,,2019-10-29T16:44:08.000Z,0
CVE-2019-8287,https://securityvulnerability.io/vulnerability/CVE-2019-8287,Global Buffer Overflow in TightVNC by GlavSoft,"The TightVNC application, specifically version 1.3.10 developed by GlavSoft, contains a vulnerability in the HandleCoRREBBP macro function that leads to a global buffer overflow. This flaw can be exploited remotely, potentially allowing an attacker to execute arbitrary code on systems running the affected software. Given its network accessibility, it poses significant risks to users who rely on TightVNC for remote desktop connections.",Kaspersky,Tightvnc,9.8,CRITICAL,0.015169999562203884,false,,false,false,false,,,false,false,,2019-10-29T16:43:30.000Z,0
CVE-2019-15681,https://securityvulnerability.io/vulnerability/CVE-2019-15681,Memory Leak in LibVNC Server Code Impacts Multiple Platforms,"A memory leak issue has been identified in the VNC server code of LibVNC, which may allow attackers to read stack memory. This vulnerability poses a risk of information disclosure and can be exploited over network connectivity. Moreover, when combined with other vulnerabilities, it may enable attackers to bypass Address Space Layout Randomization (ASLR) protections. A fix has been implemented in the commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, addressing the vulnerabilities and securing the affected versions.",Kaspersky,Libvnc,7.5,HIGH,0.0038900000508874655,false,,false,false,false,,,false,false,,2019-10-29T16:04:51.000Z,0
CVE-2019-8285,https://securityvulnerability.io/vulnerability/CVE-2019-8285,Heap-Based Buffer Overflow in Kaspersky Lab Antivirus Engine,"The Kaspersky Lab Antivirus Engine, prior to April 4, 2019, contains a heap-based buffer overflow vulnerability that may enable an attacker to execute arbitrary code on the affected system. This vulnerability arises from improper handling of memory operations, potentially leading to unauthorized access or control over the victim's machine. User systems running unpatched versions of the antivirus software are particularly at risk, and updating to the latest version is strongly recommended.",Kaspersky,Kaspersky Antivirus Engine,8.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2019-05-08T17:45:04.000Z,0
CVE-2019-8265,https://securityvulnerability.io/vulnerability/CVE-2019-8265,,"UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208.",Kaspersky,Ultravnc,9.8,CRITICAL,0.007379999849945307,false,,false,false,false,,,false,false,,2019-03-08T23:29:00.000Z,0
CVE-2019-8280,https://securityvulnerability.io/vulnerability/CVE-2019-8280,,"UltraVNC revision 1203 has an out-of-bounds access vulnerability in the VNC client inside the RAW decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.",Kaspersky,Ultravnc,9.8,CRITICAL,0.007379999849945307,false,,false,false,false,,,false,false,,2019-03-08T23:29:00.000Z,0