K7computingCVEs & Vulnerabilities

59 CVEs affecting K7computing products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

antivirus 39total security 25ultimate security 24enterprise security 13antivrius 13endpoint 10internet security 10k7 ultimate security 3
CVE-2024-36424MEDIUMpoc

K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.

6 Aug 2024
5.5
CVSS
CVE-2018-9333HIGH

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.

11 Jan 2021
7.8
CVSS
CVE-2018-9332HIGH

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local).

11 Jan 2021
7.8
CVSS
CVE-2018-8726HIGH

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.

11 Jan 2021
7.8
CVSS
CVE-2018-8725HIGH

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.

11 Jan 2021
7.8
CVSS
CVE-2018-8724HIGH

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe.

11 Jan 2021
7.8
CVSS
CVE-2018-8044HIGH

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys.

11 Jan 2021
7.8
CVSS
CVE-2018-11246HIGH

K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.

11 Jan 2021
7.5
CVSS
CVE-2018-11010HIGH

A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

11 Jan 2021
7.8
CVSS
CVE-2018-11009HIGH

A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

11 Jan 2021
7.8
CVSS
CVE-2018-11008MEDIUM

An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

11 Jan 2021
5.5
CVSS
CVE-2018-11007MEDIUM

A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

11 Jan 2021
5.5
CVSS
CVE-2018-11006MEDIUM

An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

11 Jan 2021
5.5
CVSS
CVE-2018-11005MEDIUM

A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

11 Jan 2021
5.5
CVSS
CVE-2019-16896HIGH

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.

27 Dec 2019
7.8
CVSS
CVE-2019-16897CRITICAL

In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process.

28 Oct 2019
9.8
CVSS
CVE-2017-17429MEDIUM

In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

16 Jan 2018
5.5
CVSS
CVE-2017-16557HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

16 Jan 2018
7.0
CVSS
CVE-2017-16556MEDIUM

In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.

16 Jan 2018
5.5
CVSS
CVE-2017-16555HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

16 Jan 2018
7.0
CVSS
CVE-2017-16554HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

16 Jan 2018
7.8
CVSS
CVE-2017-16553HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

16 Jan 2018
7.0
CVSS
CVE-2017-16552HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

16 Jan 2018
7.8
CVSS
CVE-2017-16551HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

16 Jan 2018
7.0
CVSS
CVE-2017-16550HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

16 Jan 2018
7.8
CVSS
CVE-2017-16549HIGH

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

16 Jan 2018
7.8
CVSS
CVE-2018-5220HIGH

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

4 Jan 2018
7.8
CVSS
CVE-2018-5219HIGH

In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

4 Jan 2018
7.8
CVSS
CVE-2018-5218HIGH

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

4 Jan 2018
7.8
CVSS
CVE-2018-5217HIGH

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

4 Jan 2018
7.8
CVSS
CVE-2017-18019HIGHpoc

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.

4 Jan 2018
7.1
CVSS
CVE-2018-5088HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

3 Jan 2018
7.8
CVSS
CVE-2018-5087HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.

3 Jan 2018
7.8
CVSS
CVE-2018-5086HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

3 Jan 2018
7.8
CVSS
CVE-2018-5085HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

3 Jan 2018
7.8
CVSS
CVE-2018-5084HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

3 Jan 2018
7.8
CVSS
CVE-2018-5083HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

3 Jan 2018
7.8
CVSS
CVE-2018-5082HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

3 Jan 2018
7.8
CVSS
CVE-2018-5081HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

3 Jan 2018
7.8
CVSS
CVE-2018-5080HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

3 Jan 2018
7.8
CVSS
CVE-2018-5079HIGH

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

3 Jan 2018
7.8
CVSS
CVE-2017-17701CRITICAL

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.

15 Dec 2017
9.8
CVSS
CVE-2017-17700CRITICAL

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.

15 Dec 2017
9.8
CVSS
CVE-2017-17699CRITICAL

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.

15 Dec 2017
9.8
CVSS
CVE-2017-17465CRITICAL

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.

8 Dec 2017
9.8
CVSS
CVE-2017-17464CRITICAL

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.

8 Dec 2017
9.8
CVSS
CVE-2014-9643HIGHpoc

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.

6 Feb 2015
7.2
CVSS
CVE-2014-8956HIGH

Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.

12 Dec 2014
7.2
CVSS
← PrevPage 1 / 2Next →