Kaspersky Password Manager
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6306 | Hig | 0.51 | 7.8 | 0.03 | Apr 19, 2018 | Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | ||
| CVE-2023-23349 | Low | 0.14 | 2.2 | 0.00 | Mar 22, 2024 | Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into… | ||
| CVE-2021-35052 | 0.00 | — | 0.00 | Nov 23, 2021 | A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | |||
| CVE-2020-27020 | 0.00 | — | 0.01 | May 14, 2021 | Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password… |
- risk 0.51cvss 7.8epss 0.03
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
- risk 0.14cvss 2.2epss 0.00
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into…
- CVE-2021-35052Nov 23, 2021risk 0.00cvss —epss 0.00
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.
- CVE-2020-27020May 14, 2021risk 0.00cvss —epss 0.01
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password…