Filtered by CWE-459
Filtered by vendor Subscriptions
Total 158 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5961 1 Nvidia 1 Virtual Gpu Graphics Driver 2024-11-21 5.5 Medium
NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.
CVE-2020-36322 4 Debian, Linux, Redhat and 1 more 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2024-11-21 5.5 Medium
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
CVE-2020-29623 4 Apple, Fedoraproject, Redhat and 1 more 8 Ipados, Iphone Os, Mac Os X and 5 more 2024-11-21 3.3 Low
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
CVE-2020-27888 1 Ui 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more 2024-11-21 7.5 High
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.
CVE-2020-24489 3 Debian, Intel, Redhat 221 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 218 more 2024-11-21 8.8 High
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-24458 1 Intel 9 Ac 1550, Ac 9461, Ac 9462 and 6 more 2024-11-21 5.2 Medium
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b>&nbsp;</b>via adjacent access.
CVE-2020-15024 1 Avast 1 Antivirus 2024-11-21 5.5 Medium
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.
CVE-2020-14451 2 Apple, Mattermost 2 Iphone Os, Mattermost Mobile 2024-11-21 7.5 High
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013.
CVE-2020-13451 1 Thecodingmachine 1 Gotenberg 2024-11-21 9.8 Critical
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.
CVE-2020-13346 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
CVE-2020-12857 1 Health 1 Covidsafe 2024-11-21 7.5 High
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
CVE-2020-12624 1 Theleague 1 The League 2024-11-21 6.5 Medium
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.
CVE-2020-12494 2 Beckhoff, Intel 20 Twincat, Twincat Driver, 82540em and 17 more 2024-11-21 5.3 Medium
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
CVE-2020-12414 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.
CVE-2020-10685 2 Debian, Redhat 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more 2024-11-21 5 Medium
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
CVE-2020-0543 7 Canonical, Fedoraproject, Intel and 4 more 724 Ubuntu Linux, Fedora, Celeron 1000m and 721 more 2024-11-21 5.5 Medium
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-0286 1 Google 1 Android 2024-11-21 7.5 High
In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479
CVE-2020-0258 1 Google 1 Android 2024-11-21 5.5 Medium
In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956
CVE-2020-0183 1 Google 1 Android 2024-11-21 7.8 High
In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479
CVE-2019-8768 2 Apple, Redhat 2 Mac Os X, Enterprise Linux 2024-11-21 5.3 Medium
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.