Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2024-11-21 | N/A | 3.3 LOW |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | |||||
| CVE-2022-23035 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 4.7 MEDIUM | 4.6 MEDIUM |
| Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. | |||||
| CVE-2022-1552 | 1 Postgresql | 1 Postgresql | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. | |||||
| CVE-2022-0646 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. | |||||
| CVE-2022-0171 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). | |||||
| CVE-2021-4032 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7. | |||||
| CVE-2021-4002 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | |||||
| CVE-2021-46766 | 1 Amd | 56 Epyc 9124, Epyc 9124 Firmware, Epyc 9174f and 53 more | 2024-11-21 | N/A | 2.5 LOW |
| Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | |||||
| CVE-2021-45706 | 1 Zeroize Derive Project | 1 Zeroize Derive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. | |||||
| CVE-2021-45330 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. | |||||
| CVE-2021-39327 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. | |||||
| CVE-2021-37092 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | |||||
| CVE-2021-37089 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart. | |||||
| CVE-2021-37080 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | |||||
| CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Under certain circumstances the session token is not cleared on logout. | |||||
| CVE-2021-34421 | 1 Keybase | 1 Keybase | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device. | |||||
| CVE-2021-32928 | 1 Thalesgroup | 1 Sentinel Ldk Run-time Environment | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. | |||||
| CVE-2021-32571 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to | |||||
| CVE-2021-26833 | 1 Timelybills | 1 Timelybills | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted. | |||||
| CVE-2021-22450 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. | |||||