CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Kaspersky Password Manager Service. The issue results from execution with unnecessary privileges. An attacker can leverage this vulnerability to escalate privileges from medium integrity and execute code in the context of the current user at high integrity. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 https://www.zerodayinitiative.com/advisories/ZDI-21-1335 • CWE-269: Improper Privilege Management •
CVE-2021-32461 – Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32461
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Escalada de Privilegios por Truncamiento de Enteros que podría permitir a un atacante local desencadenar un desbordamiento de búfer y una escalada de privilegios en las instalaciones afectadas. Un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-773 • CWE-681: Incorrect Conversion between Numeric Types •
CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Ejecución de Código Remota de Función Peligrosa Expuesta que podría permitir a un cliente no privilegiado manipular el registro y escalar privilegios para SYSTEM en las instalaciones afectadas. Es requerida la autenticación para explotar esta vulnerabilidad This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Password Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-774 •
CVE-2020-27020
https://notcve.org/view.php?id=CVE-2020-27020
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). La funcionalidad password generator del programa Kaspersky Password Manager no era completamente segura desde el punto de vista criptográfico, y en algunos casos potencialmente permitía a un atacante predecir las contraseñas generadas. Un atacante necesitaría conocer información adicional (por ejemplo, el momento de la generación de la contraseña) • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421 • CWE-326: Inadequate Encryption Strength •
CVE-2019-19546
https://notcve.org/view.php?id=CVE-2019-19546
Norton Password Manager, prior to 6.6.2.5, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad mediante la cual se presenta una divulgación involuntaria de información a un actor que no está explícitamente autorizado para tener acceso a esa información. • https://support.symantec.com/us/en/article.SYMSA1499.html •