CVE-2019-19545
https://notcve.org/view.php?id=CVE-2019-19545
Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a una vulnerabilidad de intercambio de recursos de origen cruzado (CORS), que es un tipo de problema que permite a recursos restringidos sobre una página web ser solicitados desde otro dominio fuera del dominio desde el cual el primer recurso fue servido. • https://support.symantec.com/us/en/article.SYMSA1499.html • CWE-346: Origin Validation Error •
CVE-2019-18381
https://notcve.org/view.php?id=CVE-2019-18381
Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cross origin resource sharing (CORS) vulnerability, which is a type of issue that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. Norton Password Manager, versiones anteriores a 6.6.2.5, puede ser susceptible a una vulnerabilidad de intercambio de recursos de origen cruzado (CORS), que es un tipo de problema que permite a recursos restringidos sobre una página web ser solicitados desde otro dominio fuera del dominio desde el cual primer recurso fue servido. • https://support.symantec.com/us/en/article.SYMSA1499.html • CWE-346: Origin Validation Error •
CVE-2019-9700
https://notcve.org/view.php?id=CVE-2019-9700
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic. Norton Password Manager, anterior a versión 6.3.0.2082, puede ser susceptible a un problema de suplantación de direcciones. Este clase de problema puede permitir a un atacante disfrazar su dirección IP de origen para ofuscar la fuente del tráfico de la red. • https://support.symantec.com/us/en/article.SYMSA1483.html •
CVE-2019-10676
https://notcve.org/view.php?id=CVE-2019-10676
An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. • https://cxsecurity.com/issue/WLB-2019040055 https://packetstormsecurity.com/files/152410/Uniqkey-Password-Manager-1.14-Credential-Disclosure.html https://seclists.org/fulldisclosure/2019/Apr/1 https://vuldb.com/?id.132740 • CWE-269: Improper Privilege Management •
CVE-2019-10884
https://notcve.org/view.php?id=CVE-2019-10884
Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. Uniqkey Password Manager 1.14 contiene una vulnerabilidad porque no reconoce correctamente la diferencia entre los dominios y subdominios. Esta vulnerabilidad significa que las contraseñas guardadas para example.com serán recomendadas para usersite.example.com. • https://vuldb.com/?id.133069 • CWE-287: Improper Authentication •