What is the Kaspersky CNA?
Kaspersky is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 154 CVE records since 2017.
How many CVEs has Kaspersky published?
Kaspersky has published 154 CVE records, including 18 in the last two years.
What is Kaspersky's CVE data quality grade?
RadicalNotion.AI grades Kaspersky's CVE data quality as F, with an overall completeness score of 59.9%. This reflects how consistently its CVE records include vendor (79.9%), product (100%), CVSS (18.2%), and CWE (41.6%) information.
What products does Kaspersky publish CVEs for?
Kaspersky most frequently publishes CVEs for UltraVNC, sinumerik pcu base win10 software\/ipc, sinumerik pcu base win7 software\/ipc, sinumerik access mymachine\/p2p, LibVNCServer.
Which vendors does Kaspersky cover?
Kaspersky publishes CVEs across 18 distinct vendors, most often Kaspersky, Kaspersky Lab, uvnc, siemens, LibVNC.
Is Kaspersky actively publishing CVEs?
Kaspersky is currently active, based on 18 CVEs in the last two years.
What is the average severity of Kaspersky's CVEs?
The average CVSS base score across Kaspersky's scored CVEs is 6.7.
How many critical CVEs has Kaspersky published?
Kaspersky has published 6 critical-severity CVEs and 9 high-severity CVEs.
Are any of Kaspersky's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 1 of Kaspersky's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in Kaspersky's CVEs?
Kaspersky's CVEs most often map to these CWE weakness types: CWE-122 (Heap-based Buffer Overflow), CWE-121 (Stack-based Buffer Overflow), CWE-125 (Out-of-bounds Read), CWE-788 (Access of Memory Location After End of Buffer).
How does Kaspersky rank among CNAs?
By total CVE volume, Kaspersky ranks #101 of 370 CNAs, and it reports more complete CVE records than 14% of all CNAs.
