Vulnerabilities (CVE)

Filtered by CWE-459
Total 48 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21166 5 Debian, Fedoraproject, Intel and 2 more 7 Debian Linux, Fedora, Sgx Dcap and 4 more 2022-08-03 2.1 LOW 5.5 MEDIUM
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125 5 Debian, Fedoraproject, Intel and 2 more 7 Debian Linux, Fedora, Sgx Dcap and 4 more 2022-08-03 2.1 LOW 5.5 MEDIUM
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123 5 Debian, Fedoraproject, Intel and 2 more 7 Debian Linux, Fedora, Sgx Dcap and 4 more 2022-08-03 2.1 LOW 5.5 MEDIUM
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-23035 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-07-29 4.7 MEDIUM 4.6 MEDIUM
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.
CVE-2021-45330 1 Gitea 1 Gitea 2022-07-12 7.5 HIGH 9.8 CRITICAL
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.
CVE-2022-21127 2 Intel, Xen 4 Sgx Dcap, Sgx Psw, Sgx Sdk and 1 more 2022-07-07 2.1 LOW 5.5 MEDIUM
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-45706 1 Zeroize Derive Project 1 Zeroize Derive 2022-06-22 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
CVE-2019-5011 1 Macpaw 1 Cleanmymac X 2022-06-13 6.6 MEDIUM 5.5 MEDIUM
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
CVE-2022-0646 2 Linux, Netapp 17 Linux Kernel, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more 2022-05-11 7.2 HIGH 7.8 HIGH
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
CVE-2020-0258 1 Google 1 Android 2022-05-03 4.9 MEDIUM 5.5 MEDIUM
In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956
CVE-2020-0543 6 Canonical, Fedoraproject, Intel and 3 more 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more 2022-04-28 2.1 LOW 5.5 MEDIUM
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-25016 1 Opendoas Project 1 Opendoas 2022-04-26 6.5 MEDIUM 8.8 HIGH
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.
CVE-2021-36205 1 Johnsoncontrols 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server 2022-04-25 6.8 MEDIUM 9.8 CRITICAL
Under certain circumstances the session token is not cleared on logout.
CVE-2020-36322 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-04-18 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
CVE-2019-3733 2 Dell, Emc 2 Bsafe Crypto-c-micro-edition, Rsa Bsafe Crypto-c 2022-04-12 4.0 MEDIUM 4.9 MEDIUM
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2020-24489 2 Debian, Intel 214 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 211 more 2022-04-06 4.6 MEDIUM 8.8 HIGH
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-4032 1 Linux 1 Linux Kernel 2022-01-28 4.9 MEDIUM 4.4 MEDIUM
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.
CVE-2019-8730 1 Apple 1 Mac Os X 2022-01-01 2.1 LOW 3.3 LOW
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
CVE-2020-6794 2 Canonical, Mozilla 2 Ubuntu Linux, Thunderbird 2022-01-01 4.3 MEDIUM 6.5 MEDIUM
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.
CVE-2020-10685 2 Debian, Redhat 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more 2021-12-21 1.9 LOW 5.5 MEDIUM
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.