Arbitrary File Write

Dovecot is vulnerable to arbitrary file write. It does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk...

Write cache drives remain offline after creating the target devices through XDSW

Write cache drives remain offline after creating the target devices through XDSW. Moreover, the write cache data will be redirected to the PVS Server local diskautomatically...

UBUNTU-CVE-2021-29956

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...

CVE-2021-29956

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...

Information Disclosure

thunderbird is vulnerable to information disclosure. OpenPGP secret keys that were imported were stored unencrypted on the user's local disk...

CVE-2021-29956

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will...

Security Vulnerabilities fixed in Thunderbird 78.10.2 — Mozilla

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version...

dovecot -- multiple vulnerabilities

Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...

Medium: cloud-init

Issue Overview: A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. CVE-2021-3429 Affected Packages:...

HTML Injection

firefox is vulnerable to HTML injection. A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site...

Information Disclosure

spark-core is vulnerable to information disclosure. The vulnerability exists as it leaves data unencrypted on local disk...

Sensitive data written to disk unencrypted in Spark

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

Code injection

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

PYSEC-2019-44

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...

Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2 We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when the following conditions are met: a It is invoked with the ObjectNameInformation...

PVS Write Cache Falling Back to Server Side When Using BDM

When trying to place the target device write cache on local disk it is falling back to the server side cache every time the target device boots. This is only seen when using a BDM boot method, there is no issue visible when using PXE boot...

MS IE 5.0 ActiveX "Object for constructing type libraries for scriptlets" Vulnerability

No description provided by source. Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 ActiveX Object for constructing type libraries for scriptlets Vulnerability source: http://www.securityfocus.com/bid/598/info The 'scriptlet.typlib' ActiveX control can create, edit, and...

xampp 1.8.1 任意文件写入漏洞

BUGTRAQ ID: 62665 CVE ID: CVE-2013-2586 XAMPP是跨平台开源Web服务器解决方案软件包，主要包括Apache HTTP Server, MySQL数据库, 以及用PHP及Perl编程语言编写的脚本的解释程序。 XAMPP 1.8.1的"/xampp/lang.php"页面存在注入漏洞，未授权用户可在本地磁盘内写入，本地文件 "lang.tmp"可以从远程机器上进行修改，可在目标用户浏览器中执行任意HTML或脚本代码，窃取用户凭证之类的敏感信息。 0 xampp 1.8.1 厂商补丁： xampp -----...