4 results (0.003 seconds)

CVSS: 2.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. • https://vuldb.com/?id.278561 https://vuldb.com/?ctiid.278561 https://vuldb.com/?submit.411207 https://www.enpass.io/release-notes/windows-10-desktop • CWE-316: Cleartext Storage of Sensitive Information in Memory •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Kaspersky Password Manager Service. The issue results from execution with unnecessary privileges. An attacker can leverage this vulnerability to escalate privileges from medium integrity and execute code in the context of the current user at high integrity. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 https://www.zerodayinitiative.com/advisories/ZDI-21-1335 • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). La funcionalidad password generator del programa Kaspersky Password Manager no era completamente segura desde el punto de vista criptográfico, y en algunos casos potencialmente permitía a un atacante predecir las contraseñas generadas. Un atacante necesitaría conocer información adicional (por ejemplo, el momento de la generación de la contraseña) • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421 • CWE-326: Inadequate Encryption Strength •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. Ejecución de código no autorizado de un DLL específico, conocido como ataque de secuestro de DLL, en las versiones anteriores a la 8.0.6.538 de Kaspersky Password Manager. • https://support.kaspersky.com/vulnerability.aspx?el=12430#120418 • CWE-426: Untrusted Search Path •