| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions. |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information. |
| The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos . |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. |
| This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. |
| An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. |
| In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. |
| Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website. |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication. |
| Optergy Proton/Enterprise devices have Hard-coded Credentials. |
| Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. |
| Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. |
| Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. |
| Optergy Proton/Enterprise devices allow Open Redirect. |
| Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. |
| Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). |
| Optergy Proton/Enterprise devices allow Username Disclosure. |
| Nortek Linear eMerge 50P/5000P devices have Default Credentials. |
| Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). |
