Kaspersky Internet Security vulnerabilities

5 known vulnerabilities affecting kaspersky/kaspersky_internet_security.

Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2019-15689MEDIUMCVSS 6.7v20192019-12-02
CVE-2019-15689 [MEDIUM] CWE-668 CVE-2019-15689: Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Securi Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the securi
nvd
CVE-2014-5654MEDIUMCVSS 5.4v11.4.4.2322014-09-09
CVE-2014-5654 [MEDIUM] CWE-310 CVE-2014-5654: The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verif The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2009-2966MEDIUMCVSS 4.3PoCv9.0.0.4592009-08-25
CVE-2009-2966 [MEDIUM] CWE-399 CVE-2009-2966: avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
nvd
CVE-2009-2647MEDIUMCVSS 5.0v20102009-07-30
CVE-2009-2647 [MEDIUM] CVE-2009-2647: Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before C Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."
nvd
CVE-2006-3074MEDIUMCVSS 5.0PoCv6.0v7.02006-06-19
CVE-2006-3074 [MEDIUM] CWE-119 CVE-2006-3074: klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValu
nvd