<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>CWE-212 Archives - CVE Vulnerability</title>
	<atom:link href="https://cvevulnerability.com/cwe_categories/cwe-212/feed/" rel="self" type="application/rss+xml" />
	<link>https://cvevulnerability.com/cwe_categories/cwe-212/</link>
	<description></description>
	<lastBuildDate>Sun, 26 Feb 2023 06:44:56 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://cvevulnerability.com/wp-content/uploads/2023/02/cropped-Screenshot-2023-02-27-at-3.52.32-PM-32x32.png</url>
	<title>CWE-212 Archives - CVE Vulnerability</title>
	<link>https://cvevulnerability.com/cwe_categories/cwe-212/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CVE-2018-1062</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2018-1062/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:44:56 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2018-1062/</guid>

					<description><![CDATA[<p>A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2018-1062/">CVE-2018-1062</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2018-1062/">CVE-2018-1062</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-9780</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-9780/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:43:53 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-9780/</guid>

					<description><![CDATA[<p>The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-9780/">CVE-2020-9780</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-9780/">CVE-2020-9780</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-8696</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-8696/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:43:29 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-8696/</guid>

					<description><![CDATA[<p>Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-8696/">CVE-2020-8696</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-8696/">CVE-2020-8696</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-3874</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-3874/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:41:49 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-3874/</guid>

					<description><![CDATA[<p>An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-3874/">CVE-2020-3874</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-3874/">CVE-2020-3874</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-36476</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-36476/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:41:40 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-36476/</guid>

					<description><![CDATA[<p>An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-36476/">CVE-2020-36476</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-36476/">CVE-2020-36476</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-26965</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-26965/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:40:11 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-26965/</guid>

					<description><![CDATA[<p>Some websites have a feature &#8220;Show Password&#8221; where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-26965/">CVE-2020-26965</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Some websites have a feature &#8220;Show Password&#8221; where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox &lt; 83, Firefox ESR &lt; 78.5, and Thunderbird &lt; 78.5.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-26965/">CVE-2020-26965</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-25635</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-25635/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:39:46 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-25635/</guid>

					<description><![CDATA[<p>A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-25635/">CVE-2020-25635</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-25635/">CVE-2020-25635</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-1940</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-1940/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:38:44 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-1940/</guid>

					<description><![CDATA[<p>The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-1940/">CVE-2020-1940</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-1940/">CVE-2020-1940</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-15094</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-15094/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:37:41 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-15094/</guid>

					<description><![CDATA[<p>In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-15094/">CVE-2020-15094</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-15094/">CVE-2020-15094</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2020-15024</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2020-15024/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 06:37:39 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2020-15024/</guid>

					<description><![CDATA[<p>An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-15024/">CVE-2020-15024</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2020-15024/">CVE-2020-15024</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
