Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-459
Total 78 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-8768 1 Apple 1 Mac Os X 2021-12-01 5.0 MEDIUM 5.3 MEDIUM
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
CVE-2021-22450 1 Huawei 1 Harmonyos 2021-11-01 4.9 MEDIUM 5.5 MEDIUM
A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.
CVE-2019-1586 1 Cisco 1 Application Policy Infrastructure Controller 2021-10-29 2.1 LOW 4.6 MEDIUM
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.
CVE-2021-32571 1 Ericsson 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware 2021-10-20 4.0 MEDIUM 4.9 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.
CVE-2020-15024 1 Avast 1 Antivirus 2021-07-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.
CVE-2020-27888 1 Ui 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.
CVE-2020-5961 1 Nvidia 1 Virtual Gpu Graphics Driver 2021-07-21 2.1 LOW 5.5 MEDIUM
NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.
CVE-2020-14451 2 Apple, Mattermost 2 Iphone Os, Mattermost Mobile 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013.
CVE-2020-13346 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
CVE-2020-12857 1 Health 1 Covidsafe 2021-07-21 5.0 MEDIUM 7.5 HIGH
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
CVE-2020-12624 1 Theleague 1 The League 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.
CVE-2020-0286 1 Google 1 Android 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479
CVE-2020-0183 1 Google 1 Android 2021-07-21 4.4 MEDIUM 7.8 HIGH
In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479
CVE-2019-8732 1 Apple 1 Iphone Os 2021-07-21 2.1 LOW 2.4 LOW
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.
CVE-2019-8548 1 Apple 1 Watchos 2021-07-21 2.1 LOW 2.4 LOW
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.
CVE-2019-5595 1 Freebsd 1 Freebsd 2021-07-21 2.1 LOW 5.5 MEDIUM
In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.
CVE-2019-20850 1 Mattermost 1 Mattermost Mobile 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
CVE-2019-20849 1 Mattermost 1 Mattermost Mobile 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVE-2019-17420 2 Oisf, Suricata-ids 2 Libhtp, Suricata 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-14115 1 Qualcomm 114 Apq8009, Apq8009 Firmware, Apq8017 and 111 more 2021-07-21 2.1 LOW 5.5 MEDIUM
u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130