Search criteria
9 vulnerabilities found for password_manager by kaspersky
FKIE_CVE-2021-35052
Vulnerability from fkie_nvd - Published: 2021-11-23 16:15 - Updated: 2024-11-21 06:11
Severity ?
Summary
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
References
| URL | Tags | ||
|---|---|---|---|
| vulnerability@kaspersky.com | https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 | Vendor Advisory | |
| vulnerability@kaspersky.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1335/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1335/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | password_manager | * | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 | |
| kaspersky | password_manager | 9.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A0AC120D-32C3-4E83-BB9D-4C69C18E1368",
"versionEndIncluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "058CA841-D966-46FD-81BB-17D931E24420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_a:*:*:*:windows:*:*",
"matchCriteriaId": "32B9179B-8F61-40AB-9926-3947AAE46A0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_b:*:*:*:windows:*:*",
"matchCriteriaId": "558298F8-F5E4-4B77-90BB-A51B12863E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_c:*:*:*:windows:*:*",
"matchCriteriaId": "61D1CE9D-159A-496D-AEB9-2C454C4B2986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_d:*:*:*:windows:*:*",
"matchCriteriaId": "DD963F57-EF5F-436C-A696-83B98F03AA76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_e:*:*:*:windows:*:*",
"matchCriteriaId": "0F50AB50-CF18-40B0-8F05-E49D73F3AE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_f:*:*:*:windows:*:*",
"matchCriteriaId": "6308B84B-0AAC-454B-8998-0CA22CA33607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_g:*:*:*:windows:*:*",
"matchCriteriaId": "C177E75E-B015-49E4-916E-ACE011FF25C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_h:*:*:*:windows:*:*",
"matchCriteriaId": "CDBE8B17-00A1-444A-8333-462618564FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_i:*:*:*:windows:*:*",
"matchCriteriaId": "AA60E827-8ACA-47A1-8446-53DCD5F902E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_j:*:*:*:windows:*:*",
"matchCriteriaId": "1928F243-80CD-4B45-BB4B-D21AB17D624B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_k:*:*:*:windows:*:*",
"matchCriteriaId": "601DEE22-4EA9-4092-B636-67E37A7103B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_l:*:*:*:windows:*:*",
"matchCriteriaId": "58C08E8E-453A-489A-A257-B2D61AA2E3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_m:*:*:*:windows:*:*",
"matchCriteriaId": "7E90CE59-9C17-4AE8-BD4B-6C7EAAE2F237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_n:*:*:*:windows:*:*",
"matchCriteriaId": "32AD7B8C-8033-4F07-84A8-3799506D75BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_o:*:*:*:windows:*:*",
"matchCriteriaId": "3EF0EE02-EA49-4EBE-8407-1AF52B3E47AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_p:*:*:*:windows:*:*",
"matchCriteriaId": "0CB5CA27-CADE-4081-9D78-F7EE5E5AE57F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.0.2:patch_q:*:*:*:windows:*:*",
"matchCriteriaId": "FF4C06B6-3418-421B-8D30-20332C44E7D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
},
{
"lang": "es",
"value": "Un componente de Kaspersky Password Manager podr\u00eda permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto"
}
],
"id": "CVE-2021-35052",
"lastModified": "2024-11-21T06:11:45.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-23T16:15:08.753",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-27020
Vulnerability from fkie_nvd - Published: 2021-05-14 11:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | password_manager | * | |
| kaspersky | password_manager | * | |
| kaspersky | password_manager | * | |
| kaspersky | password_manager | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "13C5F5C1-31EF-4FC4-BC8B-C2DCA3151503",
"versionEndExcluding": "9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8A93A31B-A011-4F9C-B5E4-D191C868F04E",
"versionEndExcluding": "9.2.14.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:android:*:*",
"matchCriteriaId": "520B67EE-04F3-4AAB-B5F0-7C2C74EE3D28",
"versionEndExcluding": "9.2.14.872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:9.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "1CD4A2A2-0DEE-4D14-870A-87C9E817E2DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
},
{
"lang": "es",
"value": "La funcionalidad password generator del programa Kaspersky Password Manager no era completamente segura desde el punto de vista criptogr\u00e1fico, y en algunos casos potencialmente permit\u00eda a un atacante predecir las contrase\u00f1as generadas. Un atacante necesitar\u00eda conocer informaci\u00f3n adicional (por ejemplo, el momento de la generaci\u00f3n de la contrase\u00f1a)"
}
],
"id": "CVE-2020-27020",
"lastModified": "2024-11-21T05:20:41.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-14T11:15:07.333",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6306
Vulnerability from fkie_nvd - Published: 2018-04-19 13:29 - Updated: 2024-11-21 04:10
Severity ?
Summary
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky | password_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky:password_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A2674F-B998-4841-A232-9604806D4C8D",
"versionEndExcluding": "8.0.6.538",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n de c\u00f3digo no autorizado de un DLL espec\u00edfico, conocido como ataque de secuestro de DLL, en las versiones anteriores a la 8.0.6.538 de Kaspersky Password Manager."
}
],
"id": "CVE-2018-6306",
"lastModified": "2024-11-21T04:10:27.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-19T13:29:00.450",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-35052 (GCVE-0-2021-35052)
Vulnerability from cvelistv5 – Published: 2021-11-23 15:30 – Updated: 2024-08-04 00:33
VLAI?
Summary
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
Severity ?
No CVSS data available.
CWE
- LPE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Password Manager for Windows |
Affected:
KPM for Windows prior to 9.0.2 Patch R
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:50.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KPM for Windows prior to 9.0.2 Patch R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T10:06:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-35052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager for Windows",
"version": {
"version_data": [
{
"version_value": "KPM for Windows prior to 9.0.2 Patch R"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-35052",
"datePublished": "2021-11-23T15:30:38",
"dateReserved": "2021-06-18T00:00:00",
"dateUpdated": "2024-08-04T00:33:50.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27020 (GCVE-0-2020-27020)
Vulnerability from cvelistv5 – Published: 2021-05-14 11:00 – Updated: 2024-08-04 16:03
VLAI?
Summary
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS |
Affected:
KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T11:00:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-27020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS",
"version": {
"version_data": [
{
"version_value": "KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-27020",
"datePublished": "2021-05-14T11:00:04",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6306 (GCVE-0-2018-6306)
Vulnerability from cvelistv5 – Published: 2018-04-19 13:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
Severity ?
No CVSS data available.
CWE
- Unauthorized code execution from specific DLL
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Kaspersky Password Manager |
Affected:
Before 8.0.6.538
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "Before 8.0.6.538"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized code execution from specific DLL",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T12:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-04-12T00:00:00",
"ID": "CVE-2018-6306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager",
"version": {
"version_data": [
{
"version_value": "Before 8.0.6.538"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized code execution from specific DLL"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6306",
"datePublished": "2018-04-19T13:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T01:30:42.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35052 (GCVE-0-2021-35052)
Vulnerability from nvd – Published: 2021-11-23 15:30 – Updated: 2024-08-04 00:33
VLAI?
Summary
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
Severity ?
No CVSS data available.
CWE
- LPE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Password Manager for Windows |
Affected:
KPM for Windows prior to 9.0.2 Patch R
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:50.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KPM for Windows prior to 9.0.2 Patch R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T10:06:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2021-35052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager for Windows",
"version": {
"version_data": [
{
"version_value": "KPM for Windows prior to 9.0.2 Patch R"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2021-35052",
"datePublished": "2021-11-23T15:30:38",
"dateReserved": "2021-06-18T00:00:00",
"dateUpdated": "2024-08-04T00:33:50.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27020 (GCVE-0-2020-27020)
Vulnerability from nvd – Published: 2021-05-14 11:00 – Updated: 2024-08-04 16:03
VLAI?
Summary
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation).
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS |
Affected:
KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T11:00:04",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2020-27020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager for Windows, Kaspersky Password Manager for Android, Kaspersky Password Manager for iOS",
"version": {
"version_data": [
{
"version_value": "KPM for Windows prior to 9.2 Patch F, KPM for Android prior to 9.2.14.872, KPM for iOS prior to 9.2.14.31"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421",
"refsource": "MISC",
"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2020-27020",
"datePublished": "2021-05-14T11:00:04",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6306 (GCVE-0-2018-6306)
Vulnerability from nvd – Published: 2018-04-19 13:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
Severity ?
No CVSS data available.
CWE
- Unauthorized code execution from specific DLL
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Kaspersky Password Manager |
Affected:
Before 8.0.6.538
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kaspersky Password Manager",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "Before 8.0.6.538"
}
]
}
],
"datePublic": "2018-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized code execution from specific DLL",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T12:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-04-12T00:00:00",
"ID": "CVE-2018-6306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kaspersky Password Manager",
"version": {
"version_data": [
{
"version_value": "Before 8.0.6.538"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized code execution from specific DLL"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#120418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-6306",
"datePublished": "2018-04-19T13:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T01:30:42.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}