Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1473 | 2 Netapp, Openssl | 43 A250, A250 Firmware, A700s and 40 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | |||||
CVE-2022-21127 | 2 Intel, Xen | 4 Sgx Dcap, Sgx Psw, Sgx Sdk and 1 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-21125 | 5 Debian, Fedoraproject, Intel and 2 more | 7 Debian Linux, Fedora, Sgx Dcap and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-21123 | 5 Debian, Fedoraproject, Intel and 2 more | 7 Debian Linux, Fedora, Sgx Dcap and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-36205 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
Under certain circumstances the session token is not cleared on logout. | |||||
CVE-2022-29160 | 1 Nextcloud | 1 Nextcloud | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available. | |||||
CVE-2022-21166 | 5 Debian, Fedoraproject, Intel and 2 more | 7 Debian Linux, Fedora, Sgx Dcap and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-4032 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 4.4 MEDIUM |
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7. | |||||
CVE-2022-23035 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 4.7 MEDIUM | 4.6 MEDIUM |
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. | |||||
CVE-2021-37080 | 1 Huawei | 1 Harmonyos | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | |||||
CVE-2021-45706 | 1 Zeroize Derive Project | 1 Zeroize Derive | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. | |||||
CVE-2021-37092 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | |||||
CVE-2021-37089 | 1 Huawei | 1 Harmonyos | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart. | |||||
CVE-2021-39327 | 1 Ait-pro | 1 Bulletproof Security | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. | |||||
CVE-2021-22450 | 1 Huawei | 1 Harmonyos | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. | |||||
CVE-2020-36322 | 3 Debian, Linux, Starwindsoftware | 3 Debian Linux, Linux Kernel, Starwind Virtual San | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | |||||
CVE-2021-22428 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass. | |||||
CVE-2021-32928 | 1 Thalesgroup | 1 Sentinel Ldk Run-time Environment | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. | |||||
CVE-2020-24489 | 2 Debian, Intel | 214 Debian Linux, Atom X5-e3930, Atom X5-e3940 and 211 more | 2024-02-04 | 4.6 MEDIUM | 8.8 HIGH |
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-24458 | 1 Intel | 9 Ac 1550, Ac 9461, Ac 9462 and 6 more | 2024-02-04 | 4.1 MEDIUM | 5.2 MEDIUM |
Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b> </b>via adjacent access. |