Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Kaspersky Subscribe
Filtered by product Anti-virus For Linux Server
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9810 1 Kaspersky 1 Anti-virus For Linux Server 2019-10-02 6.8 MEDIUM 8.8 HIGH
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
CVE-2017-9811 1 Kaspersky 1 Anti-virus For Linux Server 2017-08-11 10.0 HIGH 9.8 CRITICAL
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
CVE-2017-9812 1 Kaspersky 1 Anti-virus For Linux Server 2017-08-11 5.0 MEDIUM 7.5 HIGH
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
CVE-2017-9813 1 Kaspersky 1 Anti-virus For Linux Server 2017-08-11 4.3 MEDIUM 6.1 MEDIUM
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).