Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22428 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
| CVE-2020-13451 | 1 Thecodingmachine | 1 Gotenberg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. | |||||
| CVE-2020-5987 | 1 Nvidia | 1 Virtual Gpu Manager | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2020-24458 | 1 Intel | 9 Ac 1550, Ac 9461, Ac 9462 and 6 more | 2023-12-10 | 4.1 MEDIUM | 5.2 MEDIUM |
| Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access. | |||||
| CVE-2019-25016 | 1 Opendoas Project | 1 Opendoas | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue. | |||||
| CVE-2020-10685 | 2 Debian, Redhat | 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more | 2023-12-10 | 1.9 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. | |||||
| CVE-2020-0258 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956 | |||||
| CVE-2020-12414 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. | |||||
| CVE-2020-0543 | 6 Canonical, Fedoraproject, Intel and 3 more | 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-12494 | 2 Beckhoff, Intel | 20 Twincat, Twincat Driver, 82540em and 17 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device. | |||||
| CVE-2019-3733 | 2 Dell, Emc | 2 Bsafe Crypto-c-micro-edition, Rsa Bsafe Crypto-c | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | |||||
| CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2019-8768 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. | |||||
| CVE-2019-8550 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | |||||
| CVE-2019-8730 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes. | |||||
| CVE-2012-5663 | 1 Openbsd | 1 Textproc\/isearch | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | |||||
| CVE-2019-18191 | 1 Trendmicro | 1 Deep Security As A Service | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | |||||
| CVE-2019-5011 | 1 Macpaw | 1 Cleanmymac X | 2023-12-10 | 6.6 MEDIUM | 5.5 MEDIUM |
| An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | |||||
| CVE-2019-11514 | 1 Flarum | 1 Flarum | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. | |||||
| CVE-2019-1586 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | |||||