CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10884
https://notcve.org/view.php?id=CVE-2019-10884
Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. Uniqkey Password Manager 1.14 contiene una vulnerabilidad porque no reconoce correctamente la diferencia entre los dominios y subdominios. Esta vulnerabilidad significa que las contraseñas guardadas para example.com serán recomendadas para usersite.example.com. • https://vuldb.com/?id.133069 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10845
https://notcve.org/view.php?id=CVE-2019-10845
An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. • http://packetstormsecurity.com/files/152452/Uniqkey-Password-Manager-1.14-Denial-Of-Service.html http://seclists.org/fulldisclosure/2019/Apr/8 https://vuldb.com/?id.132960 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6306
https://notcve.org/view.php?id=CVE-2018-6306
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. Ejecución de código no autorizado de un DLL específico, conocido como ataque de secuestro de DLL, en las versiones anteriores a la 8.0.6.538 de Kaspersky Password Manager. • https://support.kaspersky.com/vulnerability.aspx?el=12430#120418 • CWE-426: Untrusted Search Path •