Total
115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6300 | 2024-06-25 | 3.7 Low | ||
| Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction | ||||
| CVE-2024-23672 | 2024-06-23 | N/A | ||
| Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue. | ||||
| CVE-2021-46766 | 1 Amd | 56 Epyc 9124, Epyc 9124 Firmware, Epyc 9174f and 53 more | 2024-06-18 | 5.5 Medium |
| Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | ||||
| CVE-2024-1048 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Grub2, Enterprise Linux | 2024-06-04 | 3.3 Low |
| A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. | ||||
| CVE-2024-26005 | 2024-06-04 | 4.8 Medium | ||
| An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. | ||||
| CVE-2024-20303 | 2024-06-04 | 7.4 High | ||
| A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition. | ||||
| CVE-2023-45846 | 2024-06-04 | 5.5 Medium | ||
| Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2021-32571 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-05-17 | 4.9 Medium |
| In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to | ||||
| CVE-2020-15024 | 1 Avast | 1 Antivirus | 2024-02-14 | 5.5 Medium |
| An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. | ||||
| CVE-2002-2070 | 1 Accessdata | 1 Secureclean | 2024-02-08 | 7.5 High |
| SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2005-1744 | 1 Bea | 1 Weblogic Server | 2024-02-08 | 9.8 Critical |
| BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. | ||||
| CVE-2002-2068 | 1 Tolvanen | 1 Eraser | 2024-02-08 | 7.5 High |
| Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2002-2069 | 1 Pgp | 1 Personal Privacy | 2024-02-08 | 7.5 High |
| PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2002-2067 | 1 East-tec | 1 Eraser | 2024-02-08 | 7.5 High |
| East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2005-2293 | 1 Oracle | 1 Forms Builder | 2024-02-08 | 5.5 Medium |
| Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information. | ||||
| CVE-2002-0788 | 1 Pgp | 3 Corporate Desktop, Freeware, Personal Security | 2024-02-08 | 5.5 Medium |
| An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. | ||||
| CVE-2002-2066 | 1 Jetico | 1 Bcwipe | 2024-02-08 | 7.5 High |
| BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | ||||
| CVE-2000-0552 | 1 Icq | 1 Icq | 2024-02-08 | 5.5 Medium |
| ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. | ||||
| CVE-2022-42320 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 7.0 High |
| Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. | ||||
| CVE-2022-42310 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 5.5 Medium |
| Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base. | ||||