Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

CVEs (187)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15024 1Avas!t 1Antivirus Nov 21, 2024 Sep 10, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock...Show more An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.Show less
CVE-2019-14115 1Qualcomm 57Apq8009 Firmware Apq8017 FirmwareApq8053 Firmware+54 more Nov 21, 2024 Sep 8, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure d...Show more u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Show less
CVE-2020-0258 1Google 1Android Nov 21, 2024 Aug 11, 2020 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User intera...Show more In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956Show less
CVE-2020-12414 1Mozilla 1Firefox Nov 21, 2024 Jul 9, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private...Show more IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.Show less
CVE-2020-14451 1Mattermost 1Mattermost Mobile Nov 21, 2024 Jun 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013.
CVE-2019-20850 1Mattermost 1Mattermost Mobile Nov 21, 2024 Jun 19, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
CVE-2019-20849 1Mattermost 1Mattermost Mobile Nov 21, 2024 Jun 19, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVE-2020-12494 1Beckhoff 2Twincat Twincat Driver Nov 21, 2024 Jun 16, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethern...Show more Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.Show less
CVE-2020-0543 6Canonical FedoraprojectIntel+3 more 694Celeron 1000m Celeron 1005mCeleron 1007u+691 more Nov 21, 2024 Jun 15, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-0183 1Google 1Android Nov 21, 2024 Jun 11, 2020 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Prod...Show more In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479Show less
CVE-2020-12857 1Health 1Covidsafe Nov 21, 2024 May 18, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
CVE-2020-10685 2Debian Redhat 6Ansible Engine Ansible TowerCeph Storage+3 more Nov 21, 2024 May 11, 2020 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 whe...Show more A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.Show less
CVE-2020-12624 1Theleague 1The League Nov 21, 2024 May 3, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attac...Show more The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.Show less
CVE-2020-5961 1Nvidia 1Virtual Gpu Graphics Driver Nov 21, 2024 Mar 12, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.
CVE-2020-6794 2Canonical Mozilla 2Thunderbird Ubuntu Linux Nov 21, 2024 Mar 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the da...Show more If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.Show less
CVE-2012-5663 1Openbsd 1Textproc/isearch Nov 21, 2024 Dec 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
CVE-2019-8768 1Apple 1Mac Os X Nov 21, 2024 Dec 18, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
CVE-2019-8730 1Apple 1Mac Os X Nov 21, 2024 Dec 18, 2019 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
CVE-2019-8550 1Apple 3Iphone Os Mac Os XWatchos Nov 21, 2024 Dec 18, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if th...Show more An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.Show less
CVE-2019-8548 1Apple 1Watchos Nov 21, 2024 Dec 18, 2019 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partial...Show more An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.Show less

Previous 1...6 789 10 Next