Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20637 | 3 Opensuse, Varnish-cache, Varnish-software | 4 Backports Sle, Leap, Varnish Cache and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | |||||
| CVE-2019-19362 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges. | |||||
| CVE-2019-13402 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. | |||||
| CVE-2019-11243 | 2 Kubernetes, Netapp | 2 Kubernetes, Trident | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() | |||||
| CVE-2018-5559 | 1 Rapid7 | 1 Komand | 2024-11-21 | 4.0 MEDIUM | 3.4 LOW |
| In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. | |||||
| CVE-2018-1062 | 1 Redhat | 1 Ovirt-engine | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. | |||||
| CVE-2017-15113 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2024-11-21 | 3.5 LOW | 7.2 HIGH |
| ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. | |||||
| CVE-2024-43554 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-10-17 | N/A | 5.5 MEDIUM |
| Windows Kernel-Mode Driver Information Disclosure Vulnerability | |||||