Vulnerabilities > Incomplete Cleanup

DATE CVE VULNERABILITY TITLE RISK
2018-12-08 CVE-2018-19961 Incomplete Cleanup vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
local
high complexity
xen debian citrix CWE-459
7.8
2018-11-14 CVE-2018-17467 Incomplete Cleanup vulnerability in multiple products
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google redhat debian CWE-459
4.3
2018-11-04 CVE-2018-18924 Incomplete Cleanup vulnerability in Projeqtor
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
network
low complexity
projeqtor CWE-459
8.8
2018-10-30 CVE-2018-18281 Incomplete Cleanup vulnerability in multiple products
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.
local
low complexity
linux canonical debian CWE-459
7.8
2018-10-05 CVE-2018-15407 Incomplete Cleanup vulnerability in Cisco Hyperflex HX Data Platform 3.0(1A)
A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information.
local
low complexity
cisco CWE-459
5.5
2018-09-11 CVE-2018-11068 Incomplete Cleanup vulnerability in Dell Bsafe Ssl-J
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.
low complexity
dell CWE-459
4.6
2018-06-17 CVE-2018-12332 Incomplete Cleanup vulnerability in Ecos Secure Boot Stick Firmware 5.6.5
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.
high complexity
ecos CWE-459
4.2
2017-12-02 CVE-2017-17090 Incomplete Cleanup vulnerability in Digium Certified Asterisk
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older.
network
low complexity
digium CWE-459
7.5
2017-10-27 CVE-2017-0303 Incomplete Cleanup vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation.
network
low complexity
f5 CWE-459
7.5
2005-07-18 CVE-2005-2293 Incomplete Cleanup vulnerability in Oracle Forms Builder 9.0.4
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
local
low complexity
oracle CWE-459
5.5