Check CVE Id
Check CWE Id
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.
(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Secure mail gateway
CVSS Base Score
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking p...
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 18.104.22.1680 leads to local privilege escalation.
In Kaspersky Internet Security for Android 22.214.171.1242, some of the application trace files were not encrypted.
In Kaspersky Internet Security for Android 126.96.36.1992, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 188.8.131.522). By abusing the quarantine read and write operations, it is possible to elevate t...
Back to Top