Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
IBM Sametime Information Disclosure Vulnerability (CNVD-2017-30592)
IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A security vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A local attacker...
CVE-2015-8034
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file...
PYSEC-2017-32
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file...
SUSE-SU-2016:1897-1 Security update for salt
salt was updated to fix one security issue. This security issue was fixed: - CVE-2015-8034: Prevent saving state.sls cache data to disk with insecure permissions (bsc#957914)...
Python urllib HTTP header injection vulnerability-vulnerability warning-the black bar safety net
The urllib library in Python (urllib2 in Python 2, urllib in Python 3) has an HTTP protocol stream injection vulnerability. If an attacker can control the URL that Python code accesses, or can cause Python code to access a malicious web server, then this vulnerabilit...
IBM Security QRadar Incident Forensics Cached SSL Page Vulnerability
IBM Security QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigations of suspected malicious network security incidents, and repair network security vulnerabilities. IBM Security QRadar Incident Forensics 7.2...
APPLE-SA-2015-09-21-1 watchOS 2
APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: Th...
Apple iOS App Cache Data Leakage Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS suffers from a security vulnerability that allows users with local physical access to read cached data from Apple apps...
CVE-2014-4409
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing...
SuSE 11.3 Security Update : php53 (SAT Patch Number 9718)
This php53 update fixes the following security issues: - Insecure temporary file used for cache data was fixed by switching to a different root only directory /var/cache/php-pear. (CVE-2014-5459) - An incomplete fix for CVE-2014-4049. (CVE-2014-3597)...
UBUNTU-CVE-2014-2983
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors...
CVE-2014-2983
Removed by vendor...
CVE-2014-1604
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
PYSEC-2014-17
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
Memory Bug Fixed in Tor Client
The Tor Project has fixed a flaw in its anonymization and privacy software that leaked information from memory on some machines running Tor that could give an attacker access to sensitive information stored in the cache. The issue was caused by the way that some compilers handle a specific functi...
WhatsApp Status Changer 0.2 Stable
!/bin/bash WhatsApp Status changer v0.2 stable A slim exploit able to change the WhatsApp user status in a remote way. This program is released under the terms of the GNU General Public License GPL, which is distributed with this software in the file "COPYING". The GPL specifies the terms under...
Unexpected ACL Behavior in BIND 9.7.2
Overview: A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied. Description: There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a ri...