Filtered by CWE-459
Filtered by vendor Subscriptions
Total 158 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-8732 1 Apple 1 Iphone Os 2024-11-21 2.4 Low
The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.
CVE-2019-8730 1 Apple 1 Mac Os X 2024-11-21 3.3 Low
The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.
CVE-2019-8550 1 Apple 3 Iphone Os, Mac Os X, Watchos 2024-11-21 4.3 Medium
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
CVE-2019-8548 1 Apple 1 Watchos 2024-11-21 2.4 Low
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep.
CVE-2019-5595 1 Freebsd 1 Freebsd 2024-11-21 N/A
In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.
CVE-2019-5011 1 Macpaw 1 Cleanmymac X 2024-11-21 5.5 Medium
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
CVE-2019-3733 2 Dell, Emc 2 Bsafe Crypto-c-micro-edition, Rsa Bsafe Crypto-c 2024-11-21 4.9 Medium
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2019-25016 1 Opendoas Project 1 Opendoas 2024-11-21 8.8 High
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.
CVE-2019-20850 1 Mattermost 1 Mattermost Mobile 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
CVE-2019-20849 1 Mattermost 1 Mattermost Mobile 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVE-2019-18191 1 Trendmicro 1 Deep Security As A Service 2024-11-21 8.8 High
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
CVE-2019-17420 2 Oisf, Suricata-ids 2 Libhtp, Suricata 2024-11-21 5.3 Medium
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
CVE-2019-14115 1 Qualcomm 114 Apq8009, Apq8009 Firmware, Apq8017 and 111 more 2024-11-21 5.5 Medium
u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVE-2019-13014 1 Obdev 1 Little Snitch 2024-11-21 5.5 Medium
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.
CVE-2019-12902 1 Pydio 1 Cells 2024-11-21 N/A
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.
CVE-2019-11514 1 Flarum 1 Flarum 2024-11-21 N/A
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
CVE-2018-19961 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-11-21 N/A
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-18924 1 Projeqtor 1 Projeqtor 2024-11-21 N/A
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
CVE-2018-18281 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 N/A
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.
CVE-2018-17467 3 Debian, Google, Redhat 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more 2024-11-21 N/A
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.