156 matches found
Information disclosure
An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...
CVE-2020-10096
An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The...
Drupal 8.8.x < 8.8.1 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - The Drupal project uses the third-party library ArchiveTar, which has released a security update that impacts some Drupal configurations. Multiple vulnerabilities are possibl...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (3da0352f-2397-11ea-966e-000ffec0b3e1)
Drupal Security Team reports : A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt. Drupal 8 core's filesaveupload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with t...
Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt...
TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server Information Disclosure Vulnerability (CNVD-2020-12703)
TIBCO Spotfire Analytics Platform for AWS Marketplace is a data visualization and analytics platform for the AWS Marketplace, an online software store.TIBCO Spotfire Server is an intelligent, secure, flexible, and scalable tool that provides data visualization , discovery, organizing and predicti...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt. Drupal 8 core's filesaveupload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with th...
CVE-2019-17335
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacke...
CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
Command Execution Vulnerability in Thunderwind Movie LFCMS v3.8.6
LFCMS is a film and television content management system developed in PHP and based on THINKPHP framework suitable for all kinds of video, film and television websites. LFCMS v3.8.6 has a command execution vulnerability, the vulnerability stems from the failure to filter cached data, an attacker...
Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-1381)
Summary There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router ODR. This only occurs when the system clock is changed. If the system clock is changed it could cause stale data to be cached and served. Vulnerability Details Consult the security...
Security fix for the ALT Linux 10 package firefox-esr version 60.2.1-alt1
Sept. 24, 2018 Andrey Cherepanov 60.2.1-alt1 - New ESR version 60.2.1. - Fixed: + CVE-2018-12385 Crash in TransportSecurityInfo due to cached data + CVE-2018-12383 Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords...
Chaturbate: Form Replay in customer information form
The hacker found that the server replays some form field data back in the response when there were form validation errors, which could be cached or viewed by someone with physical access to the same device used to complete the form. The fix was to delete the form data from showing in the response...
CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
DEBIAN-CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
DEBIAN-CVE-2017-7753
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
CVE-2018-5131
CVE-2018-5131 affects Mozilla Firefox (ESR < 52.7 and Firefox
CVE-2018-4168
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device...