Search criteria
76 vulnerabilities by Kaspersky
CVE-2025-64984 (GCVE-0-2025-64984)
Vulnerability from cvelistv5 – Published: 2025-11-20 06:53 – Updated: 2025-11-20 15:42
VLAI?
Summary
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Endpoint Security |
Affected:
12.0.0.325
Affected: 12.1.0.553 Unknown: 12.2.0.694 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-20T15:42:09.290134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T15:42:14.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Kaspersky Endpoint Security",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "12.0.0.325"
},
{
"status": "affected",
"version": "12.1.0.553"
},
{
"status": "unknown",
"version": "12.2.0.694"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Linux"
],
"product": "Kaspersky Endpoint Security",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"platforms": [
"Linux"
],
"product": "Kaspersky Industrial CyberSecurity for Linux Nodes",
"vendor": "Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T06:53:39.628Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "Advisory issued on November 18, 2025",
"tags": [
"vendor-advisory"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#181125"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update anti-virus databases to use at least the version from 11/18/2025."
},
{
"lang": "en",
"value": "Users of Kaspersky Endpoint Security for Mac versions 12.0.0.325 and 12.1.0.553 are recommended to update the application to version 12.2.0.694 with the latest version of the anti-virus databases."
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-18T00:00:00.000Z",
"value": "Advisory published by Kaspersky"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2025-64984",
"datePublished": "2025-11-20T06:53:39.628Z",
"dateReserved": "2025-11-12T07:42:11.731Z",
"dateUpdated": "2025-11-20T15:42:14.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-13614 (GCVE-0-2024-13614)
Vulnerability from cvelistv5 – Published: 2025-02-06 16:13 – Updated: 2025-02-12 19:51
VLAI?
Summary
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
Severity ?
5.3 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus SDK for Windows |
Affected:
8.10.1.1943 , ≤ 8.10.1.1943
(custom)
Affected: 8.10.1.1943 CF , ≤ 8.10.1.1943 CF (custom) |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Florian Schweins
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:34:12.660585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:09.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kaspersky Anti-Virus SDK for Windows",
"vendor": "Kaspersky",
"versions": [
{
"lessThanOrEqual": "8.10.1.1943",
"status": "affected",
"version": "8.10.1.1943",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.10.1.1943 CF",
"status": "affected",
"version": "8.10.1.1943 CF",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Kaspersky Security for Virtualization Light Agent",
"vendor": "Kaspersky",
"versions": [
{
"lessThan": "5.2.27.319",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.27.319",
"status": "unknown",
"version": "5.2.27.319",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Endpoint Security for Windows",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Small Office Security",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky for Windows (Standard, Plus, Premium)",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Free",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Anti-Virus",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Internet Security",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Security Cloud",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Safe Kids",
"vendor": "Kaspersky"
},
{
"defaultStatus": "unknown",
"product": "Kaspersky Anti-Ransomware Tool",
"vendor": "Kaspersky"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Schweins"
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products."
}
],
"exploits": [
{
"lang": "en",
"value": "There have been no recorded attempts to exploit this issue in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:16:54.229Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "Advisory issued on February 6, 2025",
"tags": [
"vendor-advisory"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225"
}
],
"solutions": [
{
"lang": "en",
"value": "To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions."
},
{
"lang": "en",
"value": "Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud"
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
},
{
"lang": "en",
"value": "The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00.000Z",
"value": "Advisory published by Kaspersky"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-13614",
"datePublished": "2025-02-06T16:13:08.173Z",
"dateReserved": "2025-01-22T06:31:25.425Z",
"dateUpdated": "2025-02-12T19:51:09.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23349 (GCVE-0-2023-23349)
Vulnerability from cvelistv5 – Published: 2024-03-22 16:15 – Updated: 2025-04-10 20:10
VLAI?
Summary
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
Severity ?
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Password Manager for Windows |
Affected:
* , < 24.0.0.427
(custom)
|
Credits
Efstratios Chatzoglou
Zisis Tsiatsikas
Vyron Kampourakis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T16:49:20.375552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:10:58.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Advisory issued on March 18, 2024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kaspersky Password Manager for Windows",
"vendor": "Kaspersky",
"versions": [
{
"lessThan": "24.0.0.427",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Efstratios Chatzoglou"
},
{
"lang": "en",
"type": "finder",
"value": "Zisis Tsiatsikas"
},
{
"lang": "en",
"type": "finder",
"value": "Vyron Kampourakis"
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316: Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T11:51:13.706Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "Advisory issued on March 18, 2024",
"tags": [
"vendor-advisory"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324"
}
],
"solutions": [
{
"lang": "en",
"value": "Install Kaspersky Password Manager (KPM) version 24.0.0.427 or later using the following url: https://support.kaspersky.com/help/KPM/Win24.0/en-US/85241.htm"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-18T00:00:00.000Z",
"value": "Advisory published by Kaspersky"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-23349",
"datePublished": "2024-03-22T16:15:55.200Z",
"dateReserved": "2023-01-11T20:11:14.512Z",
"dateUpdated": "2025-04-10T20:10:58.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1619 (GCVE-0-2024-1619)
Vulnerability from cvelistv5 – Published: 2024-02-29 09:22 – Updated: 2024-08-01 18:48
VLAI?
Summary
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.
Severity ?
6.1 (Medium)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Security for Linux Mail Server 8 |
Affected:
* , < 8.0.3.30 Security Patch A
(custom)
|
Credits
Adrian Tiron
Bogdan Tiron
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T16:14:26.090266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:28.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Advisory issued on February 1, 2024",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kaspersky Security for Linux Mail Server 8",
"vendor": "Kaspersky",
"versions": [
{
"lessThan": "8.0.3.30 Security Patch A",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adrian Tiron"
},
{
"lang": "en",
"type": "finder",
"value": "Bogdan Tiron"
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-29T09:22:03.588Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "Advisory issued on February 1, 2024",
"tags": [
"vendor-advisory"
],
"url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224"
}
],
"solutions": [
{
"lang": "en",
"value": "Install version 8.0.3.30 Security Patch A of Kaspersky Security 8.0 for Linux Mail Server."
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-01T00:00:00.000Z",
"value": "Advisory published by Kaspersky"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-1619",
"datePublished": "2024-02-29T09:22:03.588Z",
"dateReserved": "2024-02-19T08:38:14.449Z",
"dateUpdated": "2024-08-01T18:48:20.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27535 (GCVE-0-2022-27535)
Vulnerability from cvelistv5 – Published: 2022-08-05 16:47 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection for Windows |
Affected:
prior to 21.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T19:55:41",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection for Windows",
"version": {
"version_data": [
{
"version_value": "prior to 21.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its \u0027Delete All Service Data And Reports\u0027 feature by the local authenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/",
"refsource": "MISC",
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/"
},
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822"
},
{
"name": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/",
"refsource": "MISC",
"url": "https://forum.kaspersky.com/topic/kaspersky-statement-on-cve-2022-27535-26742/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27535",
"datePublished": "2022-08-05T16:47:46",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27534 (GCVE-0-2022-27534)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 05:32
VLAI?
Summary
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Severity ?
No CVSS data available.
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security |
Affected:
with antivirus databases released before 12.03.2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "with antivirus databases released before 12.03.2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:49",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2022-27534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"version": {
"version_data": [
{
"version_value": "with antivirus databases released before 12.03.2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2022-27534",
"datePublished": "2022-04-01T22:17:49",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27223 (GCVE-0-2021-27223)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 20:40
VLAI?
Summary
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS
Severity ?
No CVSS data available.
CWE
- Denial-of-Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security |
Affected:
with antivirus databases released before June 2021
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "with antivirus databases released before June 2021"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:48",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-27223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security",
"version": {
"version_data": [
{
"version_value": "with antivirus databases released before June 2021"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-27223",
"datePublished": "2022-04-01T22:17:48",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35052 (GCVE-0-2021-35052)
Vulnerability from cvelistv5 – Published: 2021-11-23 15:30 – Updated: 2024-08-04 00:33
VLAI?
Summary
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
Severity ?
No CVSS data available.
CWE
- LPE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Password Manager for Windows |
Affected:
KPM for Windows prior to 9.0.2 Patch R
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:50.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KPM for Windows prior to 9.0.2 Patch R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T10:06:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-35052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager for Windows",
"version": {
"version_data": [
{
"version_value": "KPM for Windows prior to 9.0.2 Patch R"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-35052",
"datePublished": "2021-11-23T15:30:38",
"dateReserved": "2021-06-18T00:00:00",
"dateUpdated": "2024-08-04T00:33:50.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35053 (GCVE-0-2021-35053)
Vulnerability from cvelistv5 – Published: 2021-11-03 19:11 – Updated: 2024-08-04 00:33
VLAI?
Summary
Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Endpoint Security for Windows |
Affected:
KES versions from 11.1 to 11.6 (inclusively)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:50.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Endpoint Security for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KES versions from 11.1 to 11.6 (inclusively)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T12:06:12",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-35053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Endpoint Security for Windows",
"version": {
"version_data": [
{
"version_value": "KES versions from 11.1 to 11.6 (inclusively)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-431/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-35053",
"datePublished": "2021-11-03T19:11:26",
"dateReserved": "2021-06-18T00:00:00",
"dateUpdated": "2024-08-04T00:33:50.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27020 (GCVE-0-2020-27020)
Vulnerability from cvelistv5 – Published: 2021-05-14 11:00 – Updated: 2024-08-04 16:03
VLAI?
Summary
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS |
Affected:
KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T11:00:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-27020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS",
"version": {
"version_data": [
{
"version_value": "KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-27020",
"datePublished": "2021-05-14T11:00:04",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26718 (GCVE-0-2021-26718)
Vulnerability from cvelistv5 – Published: 2021-04-01 18:00 – Updated: 2024-08-03 20:33
VLAI?
Summary
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Internet Security for Mac |
Affected:
prior to 21.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Internet Security for Mac",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-01T18:00:59",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-26718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Internet Security for Mac",
"version": {
"version_data": [
{
"version_value": "prior to 21.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-26718",
"datePublished": "2021-04-01T18:00:59",
"dateReserved": "2021-02-05T00:00:00",
"dateUpdated": "2024-08-03T20:33:41.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26200 (GCVE-0-2020-26200)
Vulnerability from cvelistv5 – Published: 2021-02-26 13:30 – Updated: 2024-08-04 15:49
VLAI?
Summary
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| N/A | Kaspersky Rescue Disk Version |
Affected:
All versions prior to 18.0.11.3 (patch C)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Rescue Disk Version",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "All versions prior to 18.0.11.3 (patch C)"
}
]
},
{
"product": "Kaspersky Endpoint Security with the Full Disk Encryption component installed",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "10 SP2 MR2"
},
{
"status": "affected",
"version": "10 SP2 MR3"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T13:30:23",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-26200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Rescue Disk Version",
"version": {
"version_data": [
{
"version_value": "All versions prior to 18.0.11.3 (patch C)"
}
]
}
},
{
"product_name": "Kaspersky Endpoint Security with the Full Disk Encryption component installed",
"version": {
"version_data": [
{
"version_value": "10 SP2 MR2"
},
{
"version_value": "10 SP2 MR3"
},
{
"version_value": "11.0.0"
},
{
"version_value": "11.0.1"
},
{
"version_value": "11.1.0"
}
]
}
}
]
},
"vendor_name": "N/A"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-26200",
"datePublished": "2021-02-26T13:30:23",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-08-04T15:49:07.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36200 (GCVE-0-2020-36200)
Vulnerability from cvelistv5 – Published: 2021-01-21 21:23 – Updated: 2024-08-04 17:23
VLAI?
Summary
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
Severity ?
No CVSS data available.
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky TinyCheck |
Affected:
without commits 9fd360d and ea53de8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky TinyCheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T21:23:00",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-36200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-36200",
"datePublished": "2021-01-21T21:23:00",
"dateReserved": "2021-01-20T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36199 (GCVE-0-2020-36199)
Vulnerability from cvelistv5 – Published: 2021-01-21 21:20 – Updated: 2024-08-04 17:23
VLAI?
Summary
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
Severity ?
No CVSS data available.
CWE
- Arbitrary Code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky TinyCheck |
Affected:
without commits 9fd360d and ea53de8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky TinyCheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T21:20:28",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-36199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-36199",
"datePublished": "2021-01-21T21:20:28",
"dateReserved": "2021-01-20T00:00:00",
"dateUpdated": "2024-08-04T17:23:09.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35929 (GCVE-0-2020-35929)
Vulnerability from cvelistv5 – Published: 2021-01-19 16:53 – Updated: 2024-08-04 17:16
VLAI?
Summary
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
Severity ?
No CVSS data available.
CWE
- Information Disclosure (ID)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:13.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TinyCheck",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure (ID)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T16:53:36",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-35929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (ID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-35929",
"datePublished": "2021-01-19T16:53:36",
"dateReserved": "2020-12-31T00:00:00",
"dateUpdated": "2024-08-04T17:16:13.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28950 (GCVE-0-2020-28950)
Vulnerability from cvelistv5 – Published: 2020-12-04 21:11 – Updated: 2024-08-04 16:48
VLAI?
Summary
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Anti-Ransomware Tool |
Affected:
prior to KART 4.0 Patch C
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:00.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Ransomware Tool",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to KART 4.0 Patch C"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T21:11:56",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-28950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Ransomware Tool",
"version": {
"version_data": [
{
"version_value": "prior to KART 4.0 Patch C"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-28950",
"datePublished": "2020-12-04T21:11:56",
"dateReserved": "2020-11-19T00:00:00",
"dateUpdated": "2024-08-04T16:48:00.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25044 (GCVE-0-2020-25044)
Vulnerability from cvelistv5 – Published: 2020-09-02 19:29 – Updated: 2024-08-04 15:26
VLAI?
Summary
Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.
Severity ?
No CVSS data available.
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Virus Removal Tool |
Affected:
prior to 15.0.23.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Virus Removal Tool",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 15.0.23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:29:54",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Virus Removal Tool",
"version": {
"version_data": [
{
"version_value": "prior to 15.0.23.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25044",
"datePublished": "2020-09-02T19:29:54",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25043 (GCVE-0-2020-25043)
Vulnerability from cvelistv5 – Published: 2020-09-02 19:28 – Updated: 2024-08-04 15:26
VLAI?
Summary
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
Severity ?
No CVSS data available.
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky VPN Secure Connection |
Affected:
prior to 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky VPN Secure Connection",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:28:24",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky VPN Secure Connection",
"version": {
"version_data": [
{
"version_value": "prior to 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25043",
"datePublished": "2020-09-02T19:28:24",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25045 (GCVE-0-2020-25045)
Vulnerability from cvelistv5 – Published: 2020-09-02 19:25 – Updated: 2024-08-04 15:26
VLAI?
Summary
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation (LPE)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Security Center & Kaspersky Security Center Web Console |
Affected:
prior to 12 & prior to 12 Patch A
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Security Center \u0026 Kaspersky Security Center Web Console",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 12 \u0026 prior to 12 Patch A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 \u0026 prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation (LPE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T19:25:10",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-25045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Security Center \u0026 Kaspersky Security Center Web Console",
"version": {
"version_data": [
{
"version_value": "prior to 12 \u0026 prior to 12 Patch A"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 \u0026 prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation (LPE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#290720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-25045",
"datePublished": "2020-09-02T19:25:10",
"dateReserved": "2020-08-31T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15695 (GCVE-0-2019-15695)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:24 – Updated: 2024-08-05 00:56
VLAI?
Summary
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Severity ?
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TigerVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:14",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TigerVNC",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89",
"refsource": "MISC",
"url": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89"
},
{
"name": "openSUSE-SU-2020:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15695",
"datePublished": "2019-12-26T15:24:00",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15694 (GCVE-0-2019-15694)
Vulnerability from cvelistv5 – Published: 2019-12-26 14:59 – Updated: 2024-08-05 00:56
VLAI?
Summary
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TigerVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:13",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TigerVNC",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438",
"refsource": "MISC",
"url": "https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438"
},
{
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15694",
"datePublished": "2019-12-26T14:59:01",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15693 (GCVE-0-2019-15693)
Vulnerability from cvelistv5 – Published: 2019-12-26 14:57 – Updated: 2024-08-05 00:56
VLAI?
Summary
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TigerVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:11",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TigerVNC",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95",
"refsource": "MISC",
"url": "https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95"
},
{
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15693",
"datePublished": "2019-12-26T14:57:33",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15692 (GCVE-0-2019-15692)
Vulnerability from cvelistv5 – Published: 2019-12-26 14:55 – Updated: 2024-08-05 00:56
VLAI?
Summary
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TigerVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:12",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TigerVNC",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821",
"refsource": "MISC",
"url": "https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821"
},
{
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15692",
"datePublished": "2019-12-26T14:55:47",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15691 (GCVE-0-2019-15691)
Vulnerability from cvelistv5 – Published: 2019-12-26 14:52 – Updated: 2024-08-05 00:56
VLAI?
Summary
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Severity ?
No CVSS data available.
CWE
- CWE-825 - Expired Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TigerVNC",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "CWE-825: Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:12",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TigerVNC",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-825: Expired Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40",
"refsource": "MISC",
"url": "https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40"
},
{
"name": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1"
},
{
"name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2019/12/20/2"
},
{
"name": "openSUSE-SU-2020:0087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15691",
"datePublished": "2019-12-26T14:52:46",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15689 (GCVE-0-2019-15689)
Vulnerability from cvelistv5 – Published: 2019-12-02 20:43 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud |
Affected:
prior to version 2020 patch E
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "prior to version 2020 patch E"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T20:43:52",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "prior to version 2020 patch E"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15689",
"datePublished": "2019-12-02T20:43:52",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15687 (GCVE-0-2019-15687)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:45 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:45:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user\u0027s system (like Windows version and version of the product, host unique ID). Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15687",
"datePublished": "2019-11-26T15:45:17",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15686 (GCVE-0-2019-15686)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:44 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.
Severity ?
No CVSS data available.
CWE
- DoS, Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS, Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:44:49",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS, Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15686",
"datePublished": "2019-11-26T15:44:49",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15685 (GCVE-0-2019-15685)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:44 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:44:19",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product\u0027s security features as private browsing and anti-banner. Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15685",
"datePublished": "2019-11-26T15:44:19",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15688 (GCVE-0-2019-15688)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:32 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud |
Affected:
up to 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "up to 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:32:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud",
"version": {
"version_data": [
{
"version_value": "up to 2020"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15688",
"datePublished": "2019-11-26T15:32:17",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15684 (GCVE-0-2019-15684)
Vulnerability from cvelistv5 – Published: 2019-11-25 16:01 – Updated: 2024-08-05 00:56
VLAI?
Summary
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
Severity ?
No CVSS data available.
CWE
- Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky | Kaspersky Protection extension for Google Chrome |
Affected:
prior to 30.112.62.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Protection extension for Google Chrome",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "prior to 30.112.62.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T16:01:12",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-15684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Protection extension for Google Chrome",
"version": {
"version_data": [
{
"version_value": "prior to 30.112.62.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#251119_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-15684",
"datePublished": "2019-11-25T16:01:12",
"dateReserved": "2019-08-27T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}