153 matches found
PT-2023-28197 · Gallagher · Gallagher Controller 6000
Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 versions 8.60 or earlier Gallagher Controller 6000 versions 8.70 prior to vCR8.70.231204a Description: Sensitive information is not properly cleared after a debug or power state transition in the Controller 6000. Thi...
HSTS long filename clears contents
When saving HSTS data to an excessively long filename, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
kernel: rtc: pl031: fix rtc features null pointer dereference
A flaw was found in the rtc-pl031 module in the Linux kernel. The alarm feature bit was cleaned before device initialization, which caused a NULL pointer dereference when there was no interrupt line. This resulted in a system crash and a denial of service...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox, which originates from the possibility that the browsing environment may not be cleared when closing a private window under certain circumstances...
Design/Logic Flaw
In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to...
PT-2023-4259 · Sap · Sap Businessobjects Business Intelligence
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence version 420 Description: The issue is related to insufficient protection of internal data in SAP BusinessObjects Business Intelligence. Under specific conditions, when a user logs in to a particular...
PT-2023-8971
Name of the Vulnerable Software and Affected Versions shadow-utils affected versions not specified Description A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the...
Important: samba
Issue Overview: An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 A user with sufficient...
PT-2023-22093 · Unknown · @Fastify/Csrf-Protection +1
Name of the Vulnerable Software and Affected Versions: @fastify/passport versions prior to the version that includes the configuration options clearSessionOnLogin and clearSessionIgnoreFields Description: The CSRF protection enforced by the @fastify/csrf-protection library, when combined with...
SUSE CVE-2005-2876
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r remount option, which causes the file system to be remounted with just the read-only flag, which effectively clears the...
SUSE CVE-2005-3180
The Orinoco driver orinoco.c in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information...
SUSE CVE-2011-0011
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions...
SUSE CVE-2011-1162
The tpmread function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command...
SUSE CVE-2018-6053
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page...
SUSE CVE-2019-20637
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the...
SUSE CVE-2020-24586
The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using...
CVE-2022-28764
The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...
Zoom Client 信息泄露漏洞
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. An information disclosure vulnerability exists in Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows versions prior to 5.12.6, which stems from failing to clear data from a loc...
Johnson Controls Metasys ADS/ADX/OAS Servers 安全漏洞
Johnson Controls Metasys ADS/ADX/OAS Servers are an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS Servers that stems from the fact that under certain circumstances, session tokens are not cleared upon logout...
CVE-2022-0227
DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...