Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

CVEs (187)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18191 1Trendmicro 1Deep Security As A Service Nov 21, 2024 Dec 16, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate t...Show more A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.Show less
CVE-2019-17420 2Oisf Suricata Ids 2Libhtp Suricata Nov 21, 2024 Oct 10, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-3733 2Dell Emc 2Bsafe Crypto C Micro Edition Rsa Bsafe Crypto C Nov 21, 2024 Sep 30, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A maliciou...Show more RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.Show less
CVE-2019-13014 1Obdev 1Little Snitch Nov 21, 2024 Aug 23, 2019 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may there...Show more Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.Show less
CVE-2019-12902 1Pydio 1Cells Nov 21, 2024 Jun 20, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.
CVE-2019-1586 1Cisco 1Application Policy Infrastructure Controller Nov 21, 2024 May 3, 2019 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulne...Show more A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.Show less
CVE-2019-11514 1Flarum 1Flarum Nov 21, 2024 Apr 25, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
CVE-2019-5011 1Macpaw 1Cleanmymac X Nov 21, 2024 Mar 21, 2019 N/A· v4 5.5 MEDIUM· v3 6.6 MEDIUM· v2 An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest...Show more An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.Show less
CVE-2019-5595 1Freebsd 1Freebsd Nov 21, 2024 Feb 12, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kerne...Show more In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.Show less
CVE-2018-19961 3Citrix DebianXen 3Debian Linux XenXenserver Nov 21, 2024 Dec 8, 2018 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-17467 3Debian GoogleRedhat 5Chrome Debian LinuxEnterprise Linux Desktop+2 more Nov 21, 2024 Nov 14, 2018 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2018-18924 1Projeqtor 1Projeqtor Nov 21, 2024 Nov 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "...Show more The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.Show less
CVE-2018-18281 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Nov 21, 2024 Oct 30, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(),...Show more Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.Show less
CVE-2018-15407 1Cisco 1Hyperflex Hx Data Platform Nov 21, 2024 Oct 5, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files....Show more A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.Show less
CVE-2018-11068 1Dell 1Bsafe Ssl J Nov 21, 2024 Sep 11, 2018 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
CVE-2018-12332 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 4.2 MEDIUM· v3 1.9 LOW· v2 Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.
CVE-2017-17090 1Digium 2Asterisk Certified Asterisk May 13, 2026 Dec 2, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel dri...Show more An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.Show less
CVE-2017-0303 1F5 8Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Application Acceleration Manager+5 more May 13, 2026 Oct 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Ser...Show more In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.Show less
CVE-2005-2293 1Oracle 1Forms Builder Apr 16, 2026 Jul 18, 2005 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
CVE-2005-1744 1Bea 1Weblogic Server Apr 16, 2026 May 24, 2005 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again,...Show more BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.Show less

Previous 1...6 7 8910 Next