|
214041
|
10.0 |
CRITICAL
Network
|
apple
|
shortcuts
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2019-7290
|
2024-11-21 13:47 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214042
|
5.5 |
MEDIUM
Local
|
apple
|
shortcuts
|
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user informat…
|
CWE-22
Path Traversal
|
CVE-2019-7289
|
2024-11-21 13:47 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214043
|
7.8 |
HIGH
Local
|
apple
|
mac_os_x
iphone_os
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privil…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7286
|
2024-11-21 13:47 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214044
|
8.8 |
HIGH
Network
|
apple
|
iphone_os
tvos
icloud
itunes
safari
|
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing malicious…
|
CWE-416
Use After Free
|
CVE-2019-7285
|
2024-11-21 13:47 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214045
|
4.3 |
MEDIUM
Network
|
apple
|
iphone_os
|
This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
|
NVD-CWE-noinfo
|
CVE-2019-7284
|
2024-11-21 13:47 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214046
|
5.4 |
MEDIUM
Network
|
avaya
|
ip_office_application_server
|
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product v…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7004
|
2024-11-21 13:47 |
2019-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214047
|
9.8 |
CRITICAL
Network
|
qnap
|
photo_station
|
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest vers…
|
CWE-22
Path Traversal
|
CVE-2019-7195
|
2024-11-21 13:47 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214048
|
9.8 |
CRITICAL
Network
|
qnap
|
photo_station
|
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest vers…
|
CWE-22
Path Traversal
|
CVE-2019-7194
|
2024-11-21 13:47 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214049
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
|
CWE-20
Improper Input Validation
|
CVE-2019-7193
|
2024-11-21 13:47 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214050
|
9.8 |
CRITICAL
Network
|
qnap
|
photo_station
|
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versi…
|
CWE-863
Incorrect Authorization
|
CVE-2019-7192
|
2024-11-21 13:47 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
