CVSS: 9.0EPSS: 17%CPEs: 2EXPL: 0CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
05 Jul 2021 — Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Ejecución de Código Remota de Función Peligrosa Expuesta que... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27020
https://notcve.org/view.php?id=CVE-2020-27020
14 May 2021 — Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). La funcionalidad password generator del programa Kaspersky Password Manager no era completamente segura desde el punto de vista criptográfico, y en algunos casos potencialmente permitía a un atacante predecir las contraseñas g... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28647
https://notcve.org/view.php?id=CVE-2021-28647
13 Apr 2021 — Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. Trend Micro Password Manager versión 5 (Consumer) es vulnerable a una vulnerabilidad de secuestro DLL que podría permitir a un atacante inyectar un archivo DLL malicioso durante el progreso de la instalación y podría ejecutar un programa malicios... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10282 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7962
https://notcve.org/view.php?id=CVE-2020-7962
13 Nov 2020 — An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect. Se detectó un problema en One Identity Password Manager versión 5.8. • https://cxsecurity.com/issue/WLB-2020050185 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8469
https://notcve.org/view.php?id=CVE-2020-8469
12 Mar 2020 — Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. Trend Micro Password Manager for Windows versión 5.0, está afectado por una vulnerabilidad de secuestro de DLL, que podría potencialmente permitir a un atacante una escalada privilegiada. • http://seclists.org/fulldisclosure/2020/Jun/30 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19696
https://notcve.org/view.php?id=CVE-2019-19696
17 Jan 2020 — A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. Se presenta una vulnerabilidad de RootCA en Trend Micro Password Manager para Windows y macOS, en donde una parte no autorizada puede acceder inapropiadamente a localhost.key de RootCA.crt y podría ser ... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15625
https://notcve.org/view.php?id=CVE-2019-15625
17 Jan 2020 — A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. Se presenta una vulnerabilidad de uso de memoria en Trend Micro Password Manager versión 3.8, que podría permitir a un atacante con acceso y permisos a los procesos de la memoria de la víctima extraer información confidencial. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19546
https://notcve.org/view.php?id=CVE-2019-19546
05 Dec 2019 — Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad mediante la cual se presenta una divulgación involuntaria de información a un acto... • https://support.symantec.com/us/en/article.SYMSA1499.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19545
https://notcve.org/view.php?id=CVE-2019-19545
05 Dec 2019 — Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a una vulnerabilidad de intercambio de recursos de origen cruzado (CORS), que es un tipo de problema que permite a recursos restringidos sobre un... • https://support.symantec.com/us/en/article.SYMSA1499.html • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18381
https://notcve.org/view.php?id=CVE-2019-18381
05 Dec 2019 — Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a una vulnerabilidad de intercambio de recursos de origen cruzado (CORS), que es un tipo de problema que permite a recursos restringidos sobre un... • https://support.symantec.com/us/en/article.SYMSA1499.html • CWE-346: Origin Validation Error •