Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9813 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
|
|||||
| CVE-2017-9810 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
|
|||||
| CVE-2017-9812 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
|
|||||
| CVE-2017-9811 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
|
|||||