163 matches found

NVD
added 2024/01/29 3:15 p.m. · 22 views

CVE-2023-7204

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...

CVSS 7.5 · AI score 7.5 · EPSS 0.00644
Exploits 2 · References 1
OSV
added 2024/01/29 3:15 p.m. · 2 views

CVE-2023-7204

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...

CVSS 7.5 · AI score 7.3 · EPSS 0.00644
Exploits 2 · References 1
Prion
added 2024/01/29 3:15 p.m. · 24 views

Design/Logic Flaw

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...

CVSS 5 · AI score 7.1 · EPSS 0.00644
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2024/01/29 2:44 p.m. · 28 views

CVE-2023-7204 WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...

AI score 7.7 · EPSS 0.00644
Exploits 2 · References 1
CVE
added 2024/01/29 2:44 p.m. · 69 views

CVE-2023-7204

The CVE-2023-7204 entry concerns the WP STAGING WordPress Backup Plugin prior to version 3.2.0, which allows unauthorized access to cache files during the cloning process, leading to sensitive data exposure. Public references (NVD, Patchstack) confirm unauthenticated access risk and indicate the ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00644
Exploits 2 · References 1 · Affected Software 1
OSV
added 2024/01/25 11:15 p.m. · 3 views

CVE-2024-21619

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2024/01/25 12:0 a.m. · 5 views

PT-2024-1427 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9; Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7; Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...

CVSS 7.5 · AI score 7.5 · EPSS 0.00882
Exploits 0 · References 26
WPVulnDB
added 2024/01/05 12:0 a.m. · 15 views

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure

Description: The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data. PoC: (1) When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. (2) These...

CVSS 7.5 · AI score 6.1 · EPSS 0.00644
Exploits 2 · Affected Software 1
WPVulnDB
added 2023/12/07 12:0 a.m. · 15 views

WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download

Description: The plugin does not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later. PoC: The plugin creates temporary cache files when backing up sites, which are publicly accessible to anyone. Said cache...

CVSS 7.5 · AI score 6.3 · EPSS 0.00782
Exploits 2 · References 1 · Affected Software 1
Tenable Nessus
added 2023/03/29 12:0 a.m. · 41 views

Fedora 38 : cutter-re / rizin (2023-af305bed3d)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-af305bed3d advisory. Rebase rizin to v0.5.1 and cutter-re to 0.2.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 7.8 · AI score 6.6 · EPSS 0.00364
Exploits 1 · References 7
SUSE CVE
added 2023/02/15 6:12 a.m. · 4 views

SUSE CVE-2007-1507

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...

CVSS 7.5 · AI score 7 · EPSS 0.02522
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:54 a.m. · 6 views

SUSE CVE-2011-0727

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/...

CVSS 6.9 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:29 a.m. · 2 views

SUSE CVE-2014-3219

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER...

CVSS 7.8 · AI score 6.8 · EPSS 0.0044
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:45 a.m. · 4 views

SUSE CVE-2017-8418

RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users...

CVSS 3.3 · AI score 6.6 · EPSS 0.00409
Exploits 1 · References 3
Tenable Nessus
added 2022/09/25 12:0 a.m. · 37 views

GLSA-202209-06 : Rizin: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-06 (Rizin: Multiple Vulnerabilities): Rizin v0.4.0 and below was discovered to contain an integer overflow via the function getlongobject. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

CVSS 7.8 · AI score 6.9 · EPSS 0.00365
Exploits 1 · References 10
OSV
added 2022/09/06 12:0 a.m. · 23 views

CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execu...

CVSS 7.8 · AI score 7.7 · EPSS 0.00355
Exploits 0 · References 6
Github Security Blog
added 2022/05/14 2:5 a.m. · 28 views

Jython Improper Access Restrictions vulnerability

Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors...

CVSS 4.6 · AI score 6.6 · EPSS 0.00441
Exploits 0 · References 9 · Affected Software 1
OSV
added 2022/04/24 8:37 p.m. · 13 views

GSD-2022-1000986 cachefiles: unmark inode in use in error path

cachefiles: unmark inode in use in error path. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...

AI score 7.2
Exploits 0
NVD
added 2021/09/02 1:15 a.m. · 17 views

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

CVSS 4.4 · EPSS 0.00437
Exploits 0 · References 4
Cvelist
added 2021/09/02 12:9 a.m. · 18 views

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

AI score 4.9 · EPSS 0.00437
Exploits 0 · References 4