CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28795
https://notcve.org/view.php?id=CVE-2022-28795
A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. Una vulnerabilidad en las extensiones de navegador de Avira Password Manager ofrecía una posible laguna en la que, si un usuario visitaba una página diseñada por un atacante, la vulnerabilidad detectada podía hacer que la extensión de Password Manager rellenara el campo de la contraseña automáticamente. Un atacante podría entonces acceder a esta información por medio de JavaScript. • https://support.norton.com/sp/static/external/tools/security-advisories.html •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26337
https://notcve.org/view.php?id=CVE-2022-26337
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. El instalador de Trend Micro Password Manager (Consumer) versión 5.0.0.1262 y anteriores, es susceptible a una vulnerabilidad de Elemento de Ruta de Búsqueda no Controlada que podría permitir a un atacante usar un archivo especialmente diseñado para explotar la vulnerabilidad y elevar privilegios locales en el equipo afectado • https://helpcenter.trendmicro.com/en-us/article/tmka-10954 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Kaspersky Password Manager Service. The issue results from execution with unnecessary privileges. An attacker can leverage this vulnerability to escalate privileges from medium integrity and execute code in the context of the current user at high integrity. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 https://www.zerodayinitiative.com/advisories/ZDI-21-1335 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Ejecución de Código Remota de Función Peligrosa Expuesta que podría permitir a un cliente no privilegiado manipular el registro y escalar privilegios para SYSTEM en las instalaciones afectadas. Es requerida la autenticación para explotar esta vulnerabilidad This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Password Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-774 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32461 – Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32461
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Escalada de Privilegios por Truncamiento de Enteros que podría permitir a un atacante local desencadenar un desbordamiento de búfer y una escalada de privilegios en las instalaciones afectadas. Un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-773 • CWE-681: Incorrect Conversion between Numeric Types •