CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51772
https://notcve.org/view.php?id=CVE-2023-51772
25 Dec 2023 — One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and l... • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension • CWE-613: Insufficient Session Expiration •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48654 – One Identity Password Manager Kiosk Escape Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-48654
13 Dec 2023 — One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe ... • https://packetstorm.news/files/id/176203 •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4003 – One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
https://notcve.org/view.php?id=CVE-2023-4003
27 Sep 2023 — One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. One Identity Password Manager versión 5.9.7.1: un atacante no autenticado con acceso físico a una estación de trabajo puede actualizar los privilegios a SISTEMA mediante un método no especificado. CWE-250: Ejecución con privilegios innecesarios. One Identity Password Manager version 5.... • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28394
https://notcve.org/view.php?id=CVE-2022-28394
26 May 2022 — EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). CVE de producto EOL - El instalador de Trend Micro Password Manager (Consumer) versiones 3.7.0.1223 y posteriores prop... • https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10977 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30523 – Trend Micro Password Manager Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30523
11 May 2022 — Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. Trend Micro Password Manager (Consumer) versión 5.0.0.1266 y anteriores, es susceptible a una vulnerabilidad de escalada de privilegios de seguimiento de enlaces que podría permitir a un atacante ... • https://helpcenter.trendmicro.com/en-us/article/tmka-09071 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28795
https://notcve.org/view.php?id=CVE-2022-28795
12 Apr 2022 — A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. Una vulnerabilidad en las extensiones de navegador de Avira Pas... • https://support.norton.com/sp/static/external/tools/security-advisories.html •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26337
https://notcve.org/view.php?id=CVE-2022-26337
08 Mar 2022 — Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. El instalador de Trend Micro Password Manager (Consumer) versión 5.0.0.1262 y anteriores, es susceptible a una vulnerabilidad de Elemento de Ruta de Búsqueda no Controlada que podría permitir a un atacante usar un archivo... • https://helpcenter.trendmicro.com/en-us/article/tmka-10954 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
23 Nov 2021 — A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability... • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32461 – Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32461
05 Jul 2021 — Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Escalad... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.0EPSS: 17%CPEs: 2EXPL: 0CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
05 Jul 2021 — Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Ejecución de Código Remota de Función Peligrosa Expuesta que... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 •