Skip to main content

Anti Virus For Linux Server

4 CVEs product

Monthly

CVE-2017-9813 MEDIUM POC This Month

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.7%
CVE-2017-9812 HIGH POC THREAT Act Now

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.2%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
27.2%
CVE-2017-9811 CRITICAL POC THREAT Emergency

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.7%
Threat
4.2
CVE-2017-9810 HIGH POC This Week

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anti Virus For Linux Server
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.1%
EPSS 4% CVSS 6.1
MEDIUM POC This Month

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anti Virus For Linux Server
NVD Exploit-DB
EPSS 27% CVSS 7.5
HIGH POC THREAT Act Now

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.2%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
EPSS 25% 4.2 CVSS 9.8
CRITICAL POC THREAT Emergency

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

Information Disclosure Anti Virus For Linux Server
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anti Virus For Linux Server
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy