Total
115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37080 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 7.5 High |
| There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | ||||
| CVE-2020-12494 | 2 Beckhoff, Intel | 20 Twincat, Twincat Driver, 82540em and 17 more | 2021-12-02 | 5.3 Medium |
| Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device. | ||||
| CVE-2019-8768 | 1 Apple | 1 Mac Os X | 2021-12-01 | 5.3 Medium |
| "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. | ||||
| CVE-2021-22450 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 5.5 Medium |
| A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. | ||||
| CVE-2019-1586 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2021-10-29 | 4.6 Medium |
| A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. | ||||
| CVE-2020-5961 | 1 Nvidia | 1 Virtual Gpu Graphics Driver | 2021-07-21 | 5.5 Medium |
| NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service. | ||||
| CVE-2020-27888 | 1 Ui | 4 Unifi Controller, Unifi Controller Firmware, Unifi Meshing Access Point and 1 more | 2021-07-21 | 7.5 High |
| An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. | ||||
| CVE-2020-14451 | 2 Apple, Mattermost | 2 Iphone Os, Mattermost Mobile | 2021-07-21 | 7.5 High |
| An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | ||||
| CVE-2020-13346 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
| Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | ||||
| CVE-2020-12857 | 1 Health | 1 Covidsafe | 2021-07-21 | 7.5 High |
| Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. | ||||
| CVE-2020-12624 | 1 Theleague | 1 The League | 2021-07-21 | 6.5 Medium |
| The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions. | ||||
| CVE-2020-0286 | 1 Google | 1 Android | 2021-07-21 | 7.5 High |
| In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150214479 | ||||
| CVE-2020-0183 | 1 Google | 1 Android | 2021-07-21 | 7.8 High |
| In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-110181479 | ||||
| CVE-2019-8732 | 1 Apple | 1 Iphone Os | 2021-07-21 | 2.4 Low |
| The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device. | ||||
| CVE-2019-8548 | 1 Apple | 1 Watchos | 2021-07-21 | 2.4 Low |
| An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep. | ||||
| CVE-2019-5595 | 1 Freebsd | 1 Freebsd | 2021-07-21 | N/A |
| In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. | ||||
| CVE-2019-20850 | 1 Mattermost | 1 Mattermost Mobile | 2021-07-21 | 5.3 Medium |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. | ||||
| CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2021-07-21 | 5.3 Medium |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | ||||
| CVE-2019-17420 | 2 Oisf, Suricata-ids | 2 Libhtp, Suricata | 2021-07-21 | 5.3 Medium |
| In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | ||||
| CVE-2019-14115 | 1 Qualcomm | 114 Apq8009, Apq8009 Firmware, Apq8017 and 111 more | 2021-07-21 | 5.5 Medium |
| u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | ||||