Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4805).

Summary IBM Edge is affected by a cache control vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4805 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Temporal Score:...

Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4803).

Summary IBM Edge is affected by a cache control vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4803 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Temporal Score:...

Targeted Cache Control

Content delivery networks CDNs have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP. This is the beauty of standards -- HTTP in this case. What you cannot count on is there...

Targeted Cache Control

Content delivery networks CDNs have been around and have evolved over a long time in internet years. They all speak HTTP and you can safely rely on them to work with just about anything else that speaks HTTP...

Squid 缓冲区错误漏洞

Squid is a caching and forwarding HTTP web proxy. Squid suffers from a WCCP protocol data out-of-bounds read vulnerability. An attacker could exploit this vulnerability to obtain information...

Design/Logic Flaw

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes such as the ones during scrubbing have reached the memory before handing over the page to a guest...

CVE-2021-26933

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes such as the ones during scrubbing have reached the memory before handing over the page to a guest...

CVE-2021-26933

CVE-2021-26933 affects the Xen hypervisor (Xen 4.9–4.14.x) on ARM: a guest can influence cache-bypass behavior, and cache-cleaning may occur before scrub verification, so there is no guarantee that all writes have reached memory before handing the page to the guest. The practical consequence is p...

MediaWiki Information Disclosure Vulnerability (Jun 2020) - Windows

MediaWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MediaWiki Information Disclosure Vulnerability (CNVD-2021-21939)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.31.8, 1.32.x...

DEBIAN-CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

UBUNTU-CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

CVE-2020-15005

CVE-2020-15005 affects MediaWiki before 1.31.8, 1.32.x, 1.33.x before 1.33.4, and 1.34.x before 1.34.2. The root cause is mishandling of Cache-Control and Vary headers on private wikis behind a caching proxy using the img_auth.php image authorization feature, allowing public caches to store and s...

PT-2020-6807 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.31.8 MediaWiki versions 1.32.x MediaWiki versions 1.33.x prior to 1.33.4 MediaWiki versions 1.34.x prior to 1.34.2 Description: The issue concerns private wikis behind a caching server that use the img auth.php...

Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure Vulnerability

Exploit for multiple platform in category web applications Product: Citrix Gateway Manufacturer: Citrix Systems, Inc. Affected Versions: 11.1, 12.0, 12.1 Tested Versions: 11.1.63.15, 12.0.63.13, 12.1.55.18 Vulnerability Type: Information Exposure Through Caching CWE-512 Risk Level: Information...

PT-2020-6879 · Abb · Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 through 6.0.3 Description: The issue is related to the improper configuration of the Cache-Control and Pragma HTTP headers within the application response. This can potentially allow browsers and proxies to cache...

CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...

Privilege escalation

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...