Total: 145 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-12332 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-08-05 | N/A |
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. | ||||
CVE-2019-25016 | 1 Opendoas Project | 1 Opendoas | 2024-08-05 | 8.8 High |
In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue. | ||||
CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | ||||
CVE-2019-20850 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. | ||||
CVE-2019-18191 | 1 Trendmicro | 1 Deep Security As A Service | 2024-08-05 | 8.8 High |
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | ||||
CVE-2019-17420 | 2 Oisf, Suricata-ids | 2 Libhtp, Suricata | 2024-08-05 | 5.3 Medium |
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | ||||
CVE-2019-14115 | 1 Qualcomm | 114 Apq8009, Apq8009 Firmware, Apq8017 and 111 more | 2024-08-05 | 5.5 Medium |
An information disclosure issue occurs because, in the current logic, secure touch is released without clearing the display session, which can result in a user reading the secure input while touch is in the non-secure domain, as the secure display is active, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | ||||
CVE-2019-13014 | 1 Obdev | 1 Little Snitch | 2024-08-04 | 5.5 Medium |
Little Snitch version 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade. | ||||
CVE-2019-12902 | 1 Pydio | 1 Cells | 2024-08-04 | N/A |
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data. | ||||
CVE-2019-11514 | 1 Flarum | 1 Flarum | 2024-08-04 | N/A |
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. | ||||
CVE-2019-8768 | 2 Apple, Redhat | 2 Mac Os X, Enterprise Linux | 2024-08-04 | 5.3 Medium |
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. | ||||
CVE-2019-8730 | 1 Apple | 1 Mac Os X | 2024-08-04 | 3.3 Low |
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes. | ||||
CVE-2019-8732 | 1 Apple | 1 Iphone Os | 2024-08-04 | 2.4 Low |
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device. | ||||
CVE-2019-8550 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-08-04 | 4.3 Medium |
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | ||||
CVE-2019-8548 | 1 Apple | 1 Watchos | 2024-08-04 | 2.4 Low |
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep. | ||||
CVE-2019-5595 | 1 Freebsd | 1 Freebsd | 2024-08-04 | N/A |
In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. | ||||
CVE-2019-5011 | 1 Macpaw | 1 Cleanmymac X | 2024-08-04 | 5.5 Medium |
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | ||||
CVE-2020-36322 | 4 Debian, Linux, Redhat and 1 more | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | ||||
CVE-2020-29623 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2024-08-04 | 3.3 Low |
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. | ||||
CVE-2020-27888 | 1 Ui | 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more | 2024-08-04 | 7.5 High |
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. |