Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for tinycheck by kaspersky
CVE-2020-36200 (GCVE-0-2020-36200)
Vulnerability from cvelistv5 – Published: 2021-01-21 21:23 – Updated: 2024-08-04 17:23
VLAI
EPSS
VEX
Summary
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
Severity
No CVSS data available.
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/KasperskyLab/TinyCheck/securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Kaspersky TinyCheck |
Affected:
without commits 9fd360d and ea53de8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky TinyCheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T21:23:00.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-36200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-36200",
"datePublished": "2021-01-21T21:23:00.000Z",
"dateReserved": "2021-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:09.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36199 (GCVE-0-2020-36199)
Vulnerability from cvelistv5 – Published: 2021-01-21 21:20 – Updated: 2024-08-04 17:23
VLAI
EPSS
VEX
Summary
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
Severity
No CVSS data available.
CWE
- Arbitrary Code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/KasperskyLab/TinyCheck/securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Kaspersky TinyCheck |
Affected:
without commits 9fd360d and ea53de8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky TinyCheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T21:20:28.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-36199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-36199",
"datePublished": "2021-01-21T21:20:28.000Z",
"dateReserved": "2021-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:09.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35929 (GCVE-0-2020-35929)
Vulnerability from cvelistv5 – Published: 2021-01-19 16:53 – Updated: 2024-08-04 17:16
VLAI
EPSS
VEX
Summary
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
Severity
No CVSS data available.
CWE
- Information Disclosure (ID)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/KasperskyLab/TinyCheck/securit… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:13.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TinyCheck",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure (ID)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T16:53:36.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-35929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (ID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-35929",
"datePublished": "2021-01-19T16:53:36.000Z",
"dateReserved": "2020-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:16:13.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36200 (GCVE-0-2020-36200)
Vulnerability from nvd – Published: 2021-01-21 21:23 – Updated: 2024-08-04 17:23
VLAI
EPSS
VEX
Summary
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
Severity
No CVSS data available.
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/KasperskyLab/TinyCheck/securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Kaspersky TinyCheck |
Affected:
without commits 9fd360d and ea53de8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky TinyCheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T21:23:00.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-36200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-36200",
"datePublished": "2021-01-21T21:23:00.000Z",
"dateReserved": "2021-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:09.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36199 (GCVE-0-2020-36199)
Vulnerability from nvd – Published: 2021-01-21 21:20 – Updated: 2024-08-04 17:23
VLAI
EPSS
VEX
Summary
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
Severity
No CVSS data available.
CWE
- Arbitrary Code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/KasperskyLab/TinyCheck/securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Kaspersky TinyCheck |
Affected:
without commits 9fd360d and ea53de8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:09.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky TinyCheck",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T21:20:28.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-36199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-36199",
"datePublished": "2021-01-21T21:20:28.000Z",
"dateReserved": "2021-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:09.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35929 (GCVE-0-2020-35929)
Vulnerability from nvd – Published: 2021-01-19 16:53 – Updated: 2024-08-04 17:16
VLAI
EPSS
VEX
Summary
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
Severity
No CVSS data available.
CWE
- Information Disclosure (ID)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/KasperskyLab/TinyCheck/securit… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:13.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TinyCheck",
"vendor": "Kaspersky",
"versions": [
{
"status": "affected",
"version": "without commits 9fd360d and ea53de8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure (ID)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T16:53:36.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-35929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
},
"vendor_name": "Kaspersky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure (ID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7",
"refsource": "MISC",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-9f7g-72h2-59g7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-35929",
"datePublished": "2021-01-19T16:53:36.000Z",
"dateReserved": "2020-12-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:16:13.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}