Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13179 | 1 Teradici | 2 Graphics Agent, Pcoip Standard Agent | 2021-11-04 | 2.1 LOW | 5.5 MEDIUM |
| Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure. | |||||
| CVE-2019-19362 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges. | |||||
| CVE-2020-3874 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content. | |||||
| CVE-2020-11198 | 1 Qualcomm | 602 Aqt1000, Aqt1000 Firmware, Ar8031 and 599 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-15024 | 1 Avast | 1 Antivirus | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation. | |||||
| CVE-2020-9780 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher. | |||||
| CVE-2020-11684 | 1 Linux4sam | 1 At91bootstrap | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader). | |||||
| CVE-2020-8696 | 4 Debian, Fedoraproject, Intel and 1 more | 502 Debian Linux, Fedora, Celeron 3855u and 499 more | 2021-07-02 | 2.1 LOW | 5.5 MEDIUM |
| Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-31780 | 1 Misp | 1 Misp | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused. | |||||
| CVE-2021-0340 | 1 Google | 1 Android | 2021-02-12 | 9.3 HIGH | 8.8 HIGH |
| In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286 | |||||
| CVE-2020-26965 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-25635 | 1 Redhat | 1 Ansible | 2020-10-08 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. | |||||
| CVE-2019-11243 | 2 Kubernetes, Netapp | 2 Kubernetes, Trident | 2020-10-02 | 4.3 MEDIUM | 8.1 HIGH |
| In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() | |||||
| CVE-2019-13402 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. | |||||
| CVE-2018-1062 | 1 Redhat | 1 Ovirt-engine | 2020-02-18 | 3.5 LOW | 5.3 MEDIUM |
| A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. | |||||