Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12494 | 2 Beckhoff, Intel | 20 Twincat, Twincat Driver, 82540em and 17 more | 2024-11-21 | 5.3 Medium |
| Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device. | ||||
| CVE-2020-12414 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27. | ||||
| CVE-2020-10685 | 2 Debian, Redhat | 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more | 2024-11-21 | 5 Medium |
| A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. | ||||
| CVE-2020-0543 | 7 Canonical, Fedoraproject, Intel and 4 more | 724 Ubuntu Linux, Fedora, Celeron 1000m and 721 more | 2024-11-21 | 5.5 Medium |
| Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-0286 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479 | ||||
| CVE-2020-0258 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956 | ||||
| CVE-2020-0183 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479 | ||||
| CVE-2019-8768 | 2 Apple, Redhat | 2 Mac Os X, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. | ||||
| CVE-2019-8732 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.4 Low |
| The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device. | ||||
| CVE-2019-8730 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.3 Low |
| The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes. | ||||
| CVE-2019-8550 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 4.3 Medium |
| An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | ||||
| CVE-2019-8548 | 1 Apple | 1 Watchos | 2024-11-21 | 2.4 Low |
| An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep. | ||||
| CVE-2019-5595 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. | ||||
| CVE-2019-5011 | 1 Macpaw | 1 Cleanmymac X | 2024-11-21 | 5.5 Medium |
| An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | ||||
| CVE-2019-3733 | 2 Dell, Emc | 2 Bsafe Crypto-c-micro-edition, Rsa Bsafe Crypto-c | 2024-11-21 | 4.9 Medium |
| RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. | ||||
| CVE-2019-25016 | 1 Opendoas Project | 1 Opendoas | 2024-11-21 | 8.8 High |
| In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue. | ||||
| CVE-2019-20850 | 1 Mattermost | 1 Mattermost Mobile | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. | ||||
| CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | ||||
| CVE-2019-18191 | 1 Trendmicro | 1 Deep Security As A Service | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. | ||||
| CVE-2019-17420 | 2 Oisf, Suricata-ids | 2 Libhtp, Suricata | 2024-11-21 | 5.3 Medium |
| In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | ||||