CVSS: 7.8EPSS: 75%CPEs: 1EXPL: 15CVE-2023-32784 – openSUSE Security Advisory - openSUSE-SU-2023:0163-1
https://notcve.org/view.php?id=CVE-2023-32784
15 May 2023 — In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation. En KeePass v2.x anterior a v2.54, es posible recuperar la contraseña maestra en texto cl... • https://github.com/Cmadhushanka/CVE-2023-32784-Exploitation • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 35%CPEs: 1EXPL: 7CVE-2023-24055
https://notcve.org/view.php?id=CVE-2023-24055
22 Jan 2023 — KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC. KeePass en la versión 2.53 (en una instalación por defecto) permite a un atacante, que tiene acceso de escritura al archivo de configuración XML, obtener las contraseñas en te... • https://github.com/deetl/CVE-2023-24055 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0725
https://notcve.org/view.php?id=CVE-2022-0725
07 Mar 2022 — A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. Se ha encontrado un fallo en keepass. La vulnerabilidad se produce debido al registro de las contraseñas en texto plano en el registro del sistema y conduce a una vulnerabilidad de exposición de información. • https://github.com/ByteHackr/keepass_poc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20184
https://notcve.org/view.php?id=CVE-2019-20184
09 Jan 2020 — KeePass 2.4.1 allows CSV injection in the title field of a CSV export. KeePass versión 2.4.1, permite una inyección CSV en el campo title de una exportación de CSV. • https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000066
https://notcve.org/view.php?id=CVE-2017-1000066
13 Jul 2017 — The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. La función entry details view en KeePass versión 1.32, desencripta inadvertidamente ciertas entradas de base de datos en la memoria, resultando en la divulgación de información confidencial. • http://keepass.info/news/news_all.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-5119 – KeePass 2 Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2016-5119
01 Jun 2016 — The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. La funcionalidad de actualización automática en KeePass 2.33 y versiones anteriores, permite a atacantes man-in-the-middle ejecutar código arbitrario suplantando la respuesta de comprobación de versión y suministrando una actualización manipulada. KeePass 2's update check suffers from a man-in-the-middle vulnerability. • https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5200
https://notcve.org/view.php?id=CVE-2010-5200
06 Sep 2012 — Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en KeePass Password Safe anterior a v1.18 permite a usuarios locales obtener privilegios a través de un troyano DLL en el directorio de trabajo actual, como lo demuest... • http://keepass.info/news/n100902_1.18.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5196
https://notcve.org/view.php?id=CVE-2010-5196
06 Sep 2012 — Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en KeePass Password Safe anterior a v2.13 permite a usuarios locales obtener privilegios a través de un archivo dwmapi.dll caballo de troya en el director... • http://secunia.com/advisories/41167 •