Filtered by vendor
Subscriptions
Total
117 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-14301 | 2 Netapp, Redhat | 14 Ontap Select Deploy Administration Utility, Advanced Virtualization, Codeready Linux Builder and 11 more | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | ||||
CVE-2020-13179 | 1 Teradici | 2 Graphics Agent, Pcoip Standard Agent | 2024-11-21 | 5.5 Medium |
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure. | ||||
CVE-2020-11740 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 5.5 Medium |
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. | ||||
CVE-2020-11684 | 1 Linux4sam | 1 At91bootstrap | 2024-11-21 | 9.1 Critical |
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader). | ||||
CVE-2020-11198 | 1 Qualcomm | 602 Aqt1000, Aqt1000 Firmware, Ar8031 and 599 more | 2024-11-21 | 6.7 Medium |
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
CVE-2019-20637 | 4 Opensuse, Redhat, Varnish-cache and 1 more | 5 Backports Sle, Leap, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | ||||
CVE-2019-19362 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2024-11-21 | 6.5 Medium |
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges. | ||||
CVE-2019-14615 | 3 Canonical, Intel, Redhat | 710 Ubuntu Linux, Atom E3805, Atom E3805 Firmware and 707 more | 2024-11-21 | 5.5 Medium |
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. | ||||
CVE-2019-13402 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-11-21 | N/A |
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. | ||||
CVE-2019-11723 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 7.5 High |
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68. | ||||
CVE-2019-11716 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. | ||||
CVE-2019-11711 | 3 Debian, Mozilla, Redhat | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 8.8 High |
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | ||||
CVE-2019-11243 | 2 Kubernetes, Netapp | 2 Kubernetes, Trident | 2024-11-21 | 8.1 High |
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() | ||||
CVE-2018-6337 | 1 Facebook | 2 Folly, Hhvm | 2024-11-21 | N/A |
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. | ||||
CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2024-11-21 | N/A |
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. | ||||
CVE-2018-5131 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-11-21 | N/A |
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. | ||||
CVE-2018-1062 | 1 Redhat | 2 Ovirt-engine, Rhev Manager | 2024-11-21 | 5.3 Medium |
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. | ||||
CVE-2018-19962 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | ||||
CVE-2018-19961 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-11-21 | N/A |
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | ||||
CVE-2018-12383 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-11-21 | N/A |
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. |