Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46766 | 1 Amd | 56 Epyc 9124, Epyc 9124 Firmware, Epyc 9174f and 53 more | 2024-11-21 | N/A | 2.5 LOW |
| Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | |||||
| CVE-2021-45706 | 1 Zeroize Derive Project | 1 Zeroize Derive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. | |||||
| CVE-2021-45330 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. | |||||
| CVE-2021-39327 | 1 Ait-pro | 1 Bulletproof Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. | |||||
| CVE-2021-37092 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | |||||
| CVE-2021-37089 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart. | |||||
| CVE-2021-37080 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | |||||
| CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Under certain circumstances the session token is not cleared on logout. | |||||
| CVE-2021-34421 | 1 Keybase | 1 Keybase | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device. | |||||
| CVE-2021-32928 | 1 Thalesgroup | 1 Sentinel Ldk Run-time Environment | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. | |||||
| CVE-2021-32571 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to | |||||
| CVE-2021-26833 | 1 Timelybills | 1 Timelybills | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted. | |||||
| CVE-2021-22450 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. | |||||
| CVE-2021-22428 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
| CVE-2020-6794 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2020-5987 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2020-5961 | 1 Nvidia | 1 Virtual Gpu Graphics Driver | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service. | |||||
| CVE-2020-36322 | 3 Debian, Linux, Starwindsoftware | 3 Debian Linux, Linux Kernel, Starwind Virtual San | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | |||||
| CVE-2020-27888 | 1 Ui | 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. | |||||
| CVE-2020-24489 | 2 Debian, Intel | 214 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 211 more | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||