cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13614,https://securityvulnerability.io/vulnerability/CVE-2024-13614,Kernel Memory Buffer Vulnerability in Kaspersky Products,"Kaspersky has identified a memory corruption vulnerability across multiple products that allows an authenticated attacker to overwrite data beyond a designated kernel memory buffer, potentially compromising system integrity. The issue has been addressed through automatic updates for all Kaspersky Endpoint products to ensure seamless protection for users.",Kaspersky,"Kaspersky Anti-virus Sdk For Windows,Kaspersky Security For Virtualization Light Agent,Kaspersky Endpoint Security For Windows,Kaspersky Small Office Security,Kaspersky For Windows (standard, Plus, Premium),Kaspersky Free,Kaspersky Anti-virus,Kaspersky Internet Security,Kaspersky Security Cloud,Kaspersky Safe Kids,Kaspersky Anti-ransomware Tool",5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-06T16:13:08.173Z,false,false,false,,2025-02-06T16:13:08.173Z,0
CVE-2023-23349,https://securityvulnerability.io/vulnerability/CVE-2023-23349,Kaspersky Fixes Security Issue in Password Manager Allowing Credentials Recovery,"A security issue has been identified in Kaspersky Password Manager for Windows that permits a local user to retrieve auto-filled credentials through a memory dump while the KPM extension for Google Chrome is active. To exploit this vulnerability, an attacker can entice a user into interacting with a malicious login form that auto-fills saved credentials from Kaspersky Password Manager. Following this, the attacker must deploy a malware component to extract the specified credentials, which may lead to unauthorized access and compromise of sensitive user information.",Kaspersky,Kaspersky Password Manager For Windows,2.2,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-22T16:15:55.200Z,0
CVE-2024-1619,https://securityvulnerability.io/vulnerability/CVE-2024-1619,Kaspersky Fixes Security Issue in Linux Mail Server Software,Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.,Kaspersky,Kaspersky Security For Linux Mail Server 8,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-29T09:22:03.588Z,0
CVE-2022-27535,https://securityvulnerability.io/vulnerability/CVE-2022-27535,Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection for Windows,"Kaspersky VPN Secure Connection for Windows (versions up to 21.5) contains a vulnerability that allows local authenticated attackers to exploit the 'Delete All Service Data And Reports' feature. This could lead to arbitrary file deletion, enabling unauthorized access or modification of sensitive data, thereby compromising system integrity and security. Users of the affected versions are advised to update to the latest version to mitigate this risk.",Kaspersky,Kaspersky Vpn Secure Connection For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-05T16:47:46.000Z,0
CVE-2021-27223,https://securityvulnerability.io/vulnerability/CVE-2021-27223,Denial-of-Service Vulnerability in Kaspersky Anti-Virus and Endpoint Security,"A denial-of-service vulnerability was found in Kaspersky Anti-Virus and Kaspersky Endpoint Security, allowing a local user to trigger system crashes by executing a specially designed binary module. The flaw posed a risk to users by potentially leading to significant system downtime. Kaspersky has addressed this issue with an automatic fix, ensuring enhanced protection against future exploits. Security researchers and developers credited with identifying and addressing this vulnerability have advanced the safety and integrity of Kaspersky products.",Kaspersky,Kaspersky Anti-virus Products For Home And Kaspersky Endpoint Security,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2022-27534,https://securityvulnerability.io/vulnerability/CVE-2022-27534,Data Parsing Flaw in Kaspersky Products for Home and Endpoint Security,"A vulnerability in Kaspersky Anti-Virus and Kaspersky Endpoint Security products allowed arbitrary code execution due to a flaw in the data parsing module. This issue affected antivirus database versions released prior to 12 March 2022, posing a potential risk to user systems. Kaspersky has since implemented an automatic fix to address this issue.",Kaspersky,Kaspersky Anti-virus Products For Home And Kaspersky Endpoint Security,9.8,CRITICAL,0.005619999952614307,false,,false,false,false,,,false,false,,2022-04-01T23:15:00.000Z,0
CVE-2021-35052,https://securityvulnerability.io/vulnerability/CVE-2021-35052,Process Elevation Vulnerability in Kaspersky Password Manager,A vulnerability within Kaspersky Password Manager allows an attacker to escalate a process's integrity level from Medium to High. This could enable malicious actors to execute unauthorized actions and access sensitive information that would otherwise be protected. Users are encouraged to apply software updates provided by Kaspersky to mitigate the risks associated with this vulnerability.,Kaspersky,Kaspersky Password Manager For Windows,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-11-23T15:30:38.000Z,0
CVE-2021-35053,https://securityvulnerability.io/vulnerability/CVE-2021-35053,Denial of Service Vulnerability in Firefox Browser,"A vulnerability exists in the Firefox browser that may allow an attacker to alter specific browser parameters. By modifying these parameters and subsequently rebooting the system, the attacker can render the system unbootable. This poses a significant risk to users, as it may result in a complete disruption of access to the affected systems, highlighting the importance of maintaining updated security practices and browser configurations.",Kaspersky,Kaspersky Endpoint Security For Windows,7.5,HIGH,0.005940000060945749,false,,false,false,false,,,false,false,,2021-11-03T19:11:26.000Z,0
CVE-2020-27020,https://securityvulnerability.io/vulnerability/CVE-2020-27020,Weak Password Generation in Kaspersky Password Manager,"The password generator feature in Kaspersky Password Manager has been identified as having weaknesses in its cryptographic strength. This deficiency may allow an attacker, who possesses certain contextual knowledge such as the timing of password generation, to potentially predict the generated passwords. Users dependent on this feature should be aware of this limitation and consider implementing additional security measures to safeguard against possible password exposure.",Kaspersky,"Kaspersky Password Manager For Windows, Kaspersky Password Manager For Android, Kaspersky Password Manager For iOS",7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2021-05-14T11:00:04.000Z,0
CVE-2021-26718,https://securityvulnerability.io/vulnerability/CVE-2021-26718,Anti-Virus Bypass Vulnerability in KIS for macOS by Kaspersky,"Kaspersky Internet Security for macOS was identified to have a vulnerability that permits potential attackers to bypass the anti-virus protection in specific scenarios. This flaw could compromise the integrity of the endpoint, allowing malicious entities to disable security measures without detection, thereby increasing the risk of malware infections and unauthorized access.",Kaspersky,Kaspersky Internet Security For Mac,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-04-01T18:00:59.000Z,0
CVE-2020-36200,https://securityvulnerability.io/vulnerability/CVE-2020-36200,HTTP Request Vulnerability in TinyCheck by Kaspersky Lab,"A security flaw in TinyCheck allows an authenticated attacker to craft and send an HTTP GET request to specially designed URLs. This vulnerability can potentially enable unauthorized access and manipulation, posing a significant risk to the integrity and confidentiality of the affected web applications.",Kaspersky,Kaspersky Tinycheck,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2020-36199,https://securityvulnerability.io/vulnerability/CVE-2020-36199,Command Injection Vulnerability in TinyCheck Product by Kaspersky Lab,"TinyCheck by Kaspersky Lab is susceptible to command injection vulnerabilities due to improper validation of input parameters in multiple instances. This flaw allows attackers to potentially execute arbitrary commands in the context of the application, raising concerns over security in software development practices.",Kaspersky,Kaspersky Tinycheck,9.8,CRITICAL,0.0016199999954551458,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2020-35929,https://securityvulnerability.io/vulnerability/CVE-2020-35929,Security Flaw in TinyCheck Tool by Kaspersky Lab,"The installation script of TinyCheck prior to specific commits contains hard-coded credentials, creating potential loopholes for attackers to gain unauthorized access to sensitive backend components of the tool. This exposure can lead to unauthorized access to remote data, thus compromising the security integrity of the application.",Kaspersky,Tinycheck,9.8,CRITICAL,0.0016400000313296914,false,,false,false,false,,,false,false,,2021-01-19T16:53:36.000Z,0
CVE-2020-28950,https://securityvulnerability.io/vulnerability/CVE-2020-28950,DLL Hijacking Vulnerability in Kaspersky Anti-Ransomware Tool Installer,"The installer for Kaspersky Anti-Ransomware Tool prior to KART 4.0 Patch C is susceptible to a DLL hijacking vulnerability. This flaw allows attackers to manipulate the installation process, potentially enabling them to execute arbitrary code with elevated privileges. As a result, unauthorized access to system resources could occur during the installation phase, posing significant security risks to affected users.",Kaspersky,Kaspersky Anti-ransomware Tool,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-12-04T21:11:56.000Z,0
CVE-2020-25044,https://securityvulnerability.io/vulnerability/CVE-2020-25044,Arbitrary File Corruption Vulnerability in Kaspersky Virus Removal Tool,"The Kaspersky Virus Removal Tool, specifically versions prior to 15.0.23.0, is vulnerable to an arbitrary file corruption flaw. This vulnerability may allow an attacker to manipulate and eliminate the contents of any file on the affected system, posing significant risks to data integrity and security.",Kaspersky,Kaspersky Virus Removal Tool,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-02T19:29:54.000Z,0
CVE-2020-25043,https://securityvulnerability.io/vulnerability/CVE-2020-25043,Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection,The installer for Kaspersky VPN Secure Connection versions earlier than 5.0 contains a vulnerability that permits unauthorized users to delete any file from a target system. This flaw could be exploited by attackers to compromise system integrity and remove critical files. Vigilance and prompt updates are essential to safeguarding against this type of threat.,Kaspersky,Kaspersky Vpn Secure Connection,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-09-02T19:28:24.000Z,0
CVE-2020-25045,https://securityvulnerability.io/vulnerability/CVE-2020-25045,DLL Hijacking Vulnerability in Kaspersky Security Center and Web Console,"Kaspersky Security Center and its Web Console faced a critical issue where attackers could exploit a DLL hijacking flaw. This vulnerability permitted unauthorized elevation of privileges, allowing potential attackers to gain higher access within the system. It is essential for users of affected versions to apply security patches promptly to mitigate the risk of exploitation.",Kaspersky,Kaspersky Security Center & Kaspersky Security Center Web Console,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-09-02T19:25:10.000Z,0
CVE-2019-15695,https://securityvulnerability.io/vulnerability/CVE-2019-15695,Stack Buffer Overflow Vulnerability in TigerVNC Software by TigerVNC,"TigerVNC, an open-source implementation of VNC server and client, is prone to a stack buffer overflow vulnerability in versions prior to 1.10.1. The flaw arises from inadequate sanitization of the PixelFormat data in CMsgReader::readSetCursor function. This weakness allows an attacker to manipulate the buffer offset during network connectivity, leading to potential remote code execution. Proper updating to version 1.10.1 or later is crucial to mitigate this risk.",Kaspersky,Tigervnc,7.2,HIGH,0.0040799998678267,false,,false,false,false,,,false,false,,2019-12-26T15:24:00.000Z,0
CVE-2019-15694,https://securityvulnerability.io/vulnerability/CVE-2019-15694,Heap Buffer Overflow in TigerVNC Versions Prior to 1.10.1,"TigerVNC versions prior to 1.10.1 are affected by a heap buffer overflow vulnerability that occurs within the DecodeManager::decodeRect function. This security flaw arises from a signedness error during the processing of MemOutStream, which could allow an attacker to exploit the vulnerability through network connectivity. Successful exploitation may lead to remote code execution, posing significant risks to affected systems.",Kaspersky,Tigervnc,7.2,HIGH,0.0037799999117851257,false,,false,false,false,,,false,false,,2019-12-26T14:59:01.000Z,0
CVE-2019-15693,https://securityvulnerability.io/vulnerability/CVE-2019-15693,Heap Buffer Overflow in TigerVNC Prior to 1.10.1,"TigerVNC prior to version 1.10.1 contains a heap buffer overflow vulnerability in the TightDecoder::FilterGradient function. This flaw can be exploited over a network, potentially allowing an attacker to execute arbitrary code remotely, compromising the security of affected systems. Users are encouraged to upgrade to the latest version to mitigate this risk.",Kaspersky,Tigervnc,7.2,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2019-12-26T14:57:33.000Z,0
CVE-2019-15692,https://securityvulnerability.io/vulnerability/CVE-2019-15692,Heap Buffer Overflow Vulnerability in TigerVNC Software by Cendio,"TigerVNC versions earlier than 1.10.1 are susceptible to a heap buffer overflow, stemming from inadequate value checks within the CopyRectDecoder function. This vulnerability could be exploited remotely, potentially allowing attackers to execute arbitrary code on affected systems through network connectivity.",Kaspersky,Tigervnc,7.2,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2019-12-26T14:55:47.000Z,0
CVE-2019-15691,https://securityvulnerability.io/vulnerability/CVE-2019-15691,Stack Use-After-Return Vulnerability in TigerVNC,"TigerVNC versions prior to 1.10.1 are affected by a stack use-after-return vulnerability due to improper handling of stack memory in the ZRLEDecoder. When the decoding routine encounters an exception, it may attempt to access a stack variable that has already been deallocated during stack unwinding. This flaw could allow an attacker to execute arbitrary code remotely, especially if exploited over a network connection.",Kaspersky,Tigervnc,7.2,HIGH,0.008349999785423279,false,,false,false,false,,,false,false,,2019-12-26T14:52:46.000Z,0
CVE-2019-15689,https://securityvulnerability.io/vulnerability/CVE-2019-15689,Code Execution Vulnerability in Kaspersky Products Exposes Users,"A vulnerability in Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, and Kaspersky Security Cloud allows a local user to execute arbitrary code. This flaw occurs when an attacker, with administrator rights, places a compromised file on the system. The vulnerability may also enable bypassing certain whitelisting mechanisms, which could undermine the effectiveness of some security features.",Kaspersky,"Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-12-02T20:43:52.000Z,0
CVE-2019-15687,https://securityvulnerability.io/vulnerability/CVE-2019-15687,Information Disclosure Vulnerability in Kaspersky Anti-Virus and Related Products,"Certain Kaspersky products, including Kaspersky Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Small Office Security, and Security Cloud up to the year 2020, exhibit a vulnerability in their web protection component. This vulnerability allows for remote disclosure of sensitive information regarding the user's system, such as the Windows version, the specific product version, and a unique host identifier. Attackers could exploit this weakness to gain insights into the system's configuration and potentially target the users.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",6.5,MEDIUM,0.004110000096261501,false,,false,false,false,,,false,false,,2019-11-26T15:45:17.000Z,0
CVE-2019-15686,https://securityvulnerability.io/vulnerability/CVE-2019-15686,Remote Attack Vulnerabilities in Kaspersky Security Products,"The web protection component of Kaspersky security solutions is susceptible to vulnerabilities that enable remote attackers to disable critical antivirus features. This could potentially lead to a denial-of-service condition and evasion of security protocols, increasing the risk of malicious activity on affected systems. Users are advised to update their Kaspersky products to mitigate this issue.",Kaspersky,"Kaspersky Anti-virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-virus, Kaspersky Small Office Security, Kaspersky Security Cloud",4.3,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2019-11-26T15:44:49.000Z,0