CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19696
https://notcve.org/view.php?id=CVE-2019-19696
17 Jan 2020 — A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites. Se presenta una vulnerabilidad de RootCA en Trend Micro Password Manager para Windows y macOS, en donde una parte no autorizada puede acceder inapropiadamente a localhost.key de RootCA.crt y podría ser ... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19546
https://notcve.org/view.php?id=CVE-2019-19546
05 Dec 2019 — Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad mediante la cual se presenta una divulgación involuntaria de información a un acto... • https://support.symantec.com/us/en/article.SYMSA1499.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19545
https://notcve.org/view.php?id=CVE-2019-19545
05 Dec 2019 — Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a una vulnerabilidad de intercambio de recursos de origen cruzado (CORS), que es un tipo de problema que permite a recursos restringidos sobre un... • https://support.symantec.com/us/en/article.SYMSA1499.html • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18381
https://notcve.org/view.php?id=CVE-2019-18381
05 Dec 2019 — Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a una vulnerabilidad de intercambio de recursos de origen cruzado (CORS), que es un tipo de problema que permite a recursos restringidos sobre un... • https://support.symantec.com/us/en/article.SYMSA1499.html • CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-15629
https://notcve.org/view.php?id=CVE-2019-15629
25 Nov 2019 — Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. Trend Micro Password Manager versiones 3.x, 5.0 y 5.1 para Android, están afectadas por una vulnerabilidad FLAG_MISUSE que podría ser explotada para permitir a la aplicación compartir información con aplicaciones de terceros en el dispositivo. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124012.aspx •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14687
https://notcve.org/view.php?id=CVE-2019-14687
20 Aug 2019 — A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684. Existe una vulnerabilidad de secuestro de DLL en Trend Micro Password Manager 5.0 en el que, si se explota, permitiría a un atacante cargar una DLL arbitraria sin firmar en el proceso del servicio firmado. Este proceso es muy similar, pero no idéntico al ... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14684
https://notcve.org/view.php?id=CVE-2019-14684
20 Aug 2019 — A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687. Existe una vulnerabilidad de secuestro de DLL en Trend Micro Password Manager 5.0 en el que, si se explota, permitiría a un atacante cargar una DLL arbitraria sin firmar en el proceso del servicio firmado. Este proceso es muy similar, pero no idéntico al ... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx • CWE-427: Uncontrolled Search Path Element •
CVSS: 3.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9700
https://notcve.org/view.php?id=CVE-2019-9700
16 Jul 2019 — Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. Norton Password Manager, anterior a versión 6.3.0.2082, puede ser susceptible a un problema de suplantación de direcciones. Este clase de problema puede permitir a un atacante disfrazar su dirección IP de origen para ofuscar la fuente del tráfico de la red. • https://support.symantec.com/us/en/article.SYMSA1483.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6306
https://notcve.org/view.php?id=CVE-2018-6306
19 Apr 2018 — Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. Ejecución de código no autorizado de un DLL específico, conocido como ataque de secuestro de DLL, en las versiones anteriores a la 8.0.6.538 de Kaspersky Password Manager. • https://support.kaspersky.com/vulnerability.aspx?el=12430#120418 • CWE-426: Untrusted Search Path •