Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass.

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass.

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.

Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.

Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability has CVSS v3.0 base score 2.6

Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.

Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.