Filtered by CWE-459
Filtered by vendor Subscriptions
Total 158 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-4002 5 Debian, Fedoraproject, Linux and 2 more 7 Debian Linux, Fedora, Linux Kernel and 4 more 2024-11-21 4.4 Medium
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
CVE-2021-46766 1 Amd 56 Epyc 9124, Epyc 9124 Firmware, Epyc 9174f and 53 more 2024-11-21 2.5 Low
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
CVE-2021-45706 1 Zeroize Derive Project 1 Zeroize Derive 2024-11-21 9.8 Critical
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
CVE-2021-45330 1 Gitea 1 Gitea 2024-11-21 9.8 Critical
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.
CVE-2021-43976 6 Debian, Fedoraproject, Linux and 3 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-11-21 4.6 Medium
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-39327 1 Ait-pro 1 Bulletproof Security 2024-11-21 5.3 Medium
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVE-2021-37092 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 7.5 High
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.
CVE-2021-37089 1 Huawei 1 Harmonyos 2024-11-21 7.5 High
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart.
CVE-2021-37080 1 Huawei 1 Harmonyos 2024-11-21 7.5 High
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.
CVE-2021-36205 1 Johnsoncontrols 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server 2024-11-21 8.1 High
Under certain circumstances the session token is not cleared on logout.
CVE-2021-34421 1 Keybase 1 Keybase 2024-11-21 3.7 Low
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.
CVE-2021-32928 1 Thalesgroup 1 Sentinel Ldk Run-time Environment 2024-11-21 9.8 Critical
The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.
CVE-2021-32571 1 Ericsson 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware 2024-11-21 4.9 Medium
In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to
CVE-2021-30639 3 Apache, Mcafee, Oracle 3 Tomcat, Epolicy Orchestrator, Big Data Spatial And Graph 2024-11-21 7.5 High
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64.
CVE-2021-29649 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
CVE-2021-26833 1 Timelybills 1 Timelybills 2024-11-21 5.9 Medium
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted.
CVE-2021-22450 1 Huawei 1 Harmonyos 2024-11-21 5.5 Medium
A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.
CVE-2021-22428 1 Huawei 2 Emui, Magic Ui 2024-11-21 8.1 High
There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2020-6794 3 Canonical, Mozilla, Redhat 4 Ubuntu Linux, Thunderbird, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.
CVE-2020-5987 1 Nvidia 1 Virtual Gpu Manager 2024-11-21 7.8 High
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.