Total
180 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | |||||
| CVE-2019-1586 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | |||||
| CVE-2019-18191 | 1 Trendmicro | 1 Deep Security As A Service | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | |||||
| CVE-2019-17420 | 2 Oisf, Suricata-ids | 2 Libhtp, Suricata | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | |||||
| CVE-2019-14115 | 1 Qualcomm | 114 Apq8009, Apq8009 Firmware, Apq8017 and 111 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-13014 | 1 Obdev | 1 Little Snitch | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade. | |||||
| CVE-2019-12902 | 1 Pydio | 1 Cells | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data. | |||||
| CVE-2019-11514 | 1 Flarum | 1 Flarum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. | |||||
| CVE-2018-19961 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | |||||
| CVE-2018-18924 | 1 Projeqtor | 1 Projeqtor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. | |||||
| CVE-2018-18281 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. | |||||
| CVE-2018-17467 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-15407 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
| CVE-2018-12332 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
| Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. | |||||
| CVE-2018-11068 | 1 Dell | 1 Bsafe Ssl-j | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. | |||||
| CVE-2012-5663 | 1 Openbsd | 1 Textproc\/isearch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | |||||
| CVE-2023-20518 | 2024-11-05 | N/A | 1.9 LOW | ||
| Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. | |||||
| CVE-2022-49012 | 1 Linux | 1 Linux Kernel | 2024-10-24 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: afs: Fix server->active leak in afs_put_server The atomic_read was accidentally replaced with atomic_inc_return, which prevents the server from getting cleaned up and causes rmmod to hang with a warning: Can't purge s=00000001 | |||||
| CVE-2022-49028 | 1 Linux | 1 Linux Kernel | 2024-10-24 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") | |||||
| CVE-2024-45445 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 4.0 MEDIUM |
| Vulnerability of resources not being closed or released in the keystore module Impact: Successful exploitation of this vulnerability will affect availability. | |||||