17 matches found
@perfood/couch-auth may expose session tokens, passwords
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...
CVE-2025-64429
DuckDB 1.4.0–pre-1.4.2 encryption implementation is vulnerable due to multiple cryptographic weaknesses: insecure RNG (pcg32 fallback), possible memory wipe omission (memset) leaving secrets, and header manipulation could downgrade from GCM to CTR, bypassing integrity. There may also be unhandled...
EUVD-2005-2753
Malware in sbrugna...
EUVD-2004-0621
Malware in sbrugna...
EUVD-2005-1860
Malware in sbrugna...
EUVD-2007-6383
Malware in sbrugna...
EUVD-2005-3179
Malware in sbrugna...
CVE-2024-36353
CVE-2024-36353 is linked to cross-process disclosure in AMD Linux GPU drivers caused by insufficient clearing of GPU global memory. The vulnerability could allow a malicious process on the same GPU to read leftover memory, leading to loss of confidentiality. Affected component is the Linux GPU dr...
SAP BusinessObjects Business Intelligence Platform Information Disclosure (3312586)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is vulnerable to information disclosure. If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, which could lead to an attacker...
CVE-2023-39440 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform
In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which an attacker might be able to get access to user credentials. For a successful attack, the attacker needs to...
August 30, 2018—KB4343893 (OS Build 16299.637)
August 30, 2018—KB4343893 (OS Build 16299.637). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications t...
FUSE 2.2/2.3 - Local Information Disclosure
// source: https://www.securityfocus.com/bid/13857/info FUSE is susceptible to a local information disclosure vulnerability. This issue is due to a failure of the kernel module to properly clear used memory prior to its reuse. This vulnerability allows malicious local users to gain access to...
CVE-2005-1858
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information...
CVE-2004-0622
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory...
Mac OS X stores login/Keychain/FileVault passwords on disk
It seems that Mac OS X 10.3.4 tested doesn't bother clearing memory containing sensitive data, or using mlock to avoid swapping. A quick grep of the swapfiles will show up various morsels: rez: sudo strings -8 /var/vm/swapfile0 |grep -A 4 -i longname longname password user's password here /bin/zs...
CVE-2003-0291
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets...