243 matches found
CVE-2009-5053
Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...
📄 LINQPad Insecure Deserialization
This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restart...
PT-2025-22215
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition in the Linux kernel's SMB client can occur when a pre-existing valid cfid returned from find or create cached dir might race with a lease break. This can cause open cach...
HDF5 安全漏洞
HDF5 is a library of HDF open source . HDF5 suffers from a heap buffer overflow vulnerability. The vulnerability stems from the mishandling of the freeblock parameter by the H5HLfldeserialize function in the src/H5HLcache.c file. No detailed vulnerability details are provided at this time...
FreeBSD : Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions (475d1968-f99d-11ef-b382-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 475d1968-f99d-11ef-b382-b0416f0c4c67 advisory. [email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API...
Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...
GHSA-PWHH-Q4H6-W599 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...
Incorrect Default Permissions
Overview spotipy is an A light weight Python library for the Spotify Web API Affected versions of this package are vulnerable to Incorrect Default Permissions via the CacheHandler class. An attacker can gain unauthorized access to administrative actions on the Spotify account by reading the spoti...
CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
CVE-2025-27154
CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...
CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
Spotipy 安全漏洞
Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...
Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...
snowflake-connector-python vulnerable to insecure cache files permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects version...
UBUNTU-CVE-2024-53178
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...
CVE-2024-53178 smb: Don't leak cfid when reconnect races with open_cached_dir
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...
Best Practice for Setting the Citrix Profile Manager Cache File for Provisioning Services Server
This article describes the best practice for setting the Citrix Profile Manager Cache file for Provisioning Services PVSServer...
PT-2024-15229 · WordPress · Wp Staging
Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup plugin versions prior to 3.2.0 Description: The issue allows access to cache files during the cloning process. This provides unauthorized access to sensitive information. Recommendations: For versions prior to 3.2....