211 matches found

Tenable Nessus
added 2024/02/20 12:0 a.m. · 46 views

Mozilla Firefox < 123.0

The version of Firefox installed on the remote Windows host is prior to 123.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-05 advisory. - Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: Thi...

CVSS 9.8 · AI score 7.5 · EPSS 0.00937
Exploits 2 · References 13

OSV
added 2023/12/09 3:15 a.m. · 1 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 2

NVD
added 2023/12/09 3:15 a.m. · 19 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

CVSS 6.2 · EPSS 0.00237
Exploits 0 · References 2

Prion
added 2023/12/09 3:15 a.m. · 16 views

Design/Logic Flaw

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

CVSS 1.7 · AI score 6.2 · EPSS 0.00237
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/12/09 2:32 a.m. · 23 views

CVE-2023-47722 IBM API Connect information disclosure

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

CVSS 6.2 · AI score 6 · EPSS 0.00237
Exploits 0 · References 2

CVE
added 2023/12/09 2:32 a.m. · 51 views

CVE-2023-47722

IBM API Connect vulnerability CVE-2023-47722 affects API Connect versions 10.0.5.3 and 10.0.6.0, where user credentials are stored in the browser cache and can be read by a local user. The issue is described in IBM security advisories and Red Hat/NVD entries, with a base CVSS v3.1 score of 5.5–6....

CVSS 6.2 · AI score 5.3 · EPSS 0.00237
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/12/09 12:0 a.m. · 2 views

IBM API Connect Security Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions V10.0.5....

CVSS 6.2 · AI score 6.3 · EPSS 0.00237
Exploits 0 · References 4

Positive Technologies
added 2023/12/08 12:0 a.m. · 2 views

PT-2023-30583 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.5.3 through 10.0.6.0 Description: The issue allows user credentials to be stored in the browser cache, which can be accessed by a local user. Recommendations: For versions 10.0.5.3 and 10.0.6.0, consider clearing...

CVSS 6.2 · AI score 5.1 · EPSS 0.00237
Exploits 0 · References 6

IBM Security Bulletins
added 2023/12/04 9:40 p.m. · 24 views

Security Bulletin: API Connect V10 is vulnerable to credential exposure

Summary IBM API Connect V10 stores user credentials in browser cache which can be read by a local user CVE-2023-47722 Vulnerability Details CVEID:CVE-2023-47722 DESCRIPTION: IBM API Connect V10 stores user credentials in browser cache which can be read by a local user. CVSS Base score: 6.2 CVSS...

CVSS 6.2 · AI score 5.3 · EPSS 0.00237
Exploits 0 · Affected Software 1

Vulnrichment
added 2023/11/06 12:49 p.m. · 15 views

CVE-2023-4910 3scale-admin-portal: logged out users tokens can be accessed

A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...

CVSS 5.5 · AI score 6.7 · EPSS 0.00212
Exploits 0 · References 2

Cvelist
added 2023/11/06 12:49 p.m. · 23 views

CVE-2023-4910 3scale-admin-portal: logged out users tokens can be accessed

A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...

CVSS 5.5 · AI score 5.7 · EPSS 0.00212
Exploits 0 · References 2

RedhatCVE
added 2023/09/12 9:5 a.m. · 36 views

CVE-2023-4910

A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. Mitigation: No mitigation is yet available for this flaw...

CVSS 5.5 · AI score 6.5 · EPSS 0.00212
Exploits 0 · References 3

Citrix
added 2023/08/31 12:0 a.m. · 5 views

Rewrite policy fail to honored when binding to NetScaler Gateway Virtual Server

When you're trying to insert some prompts to the NetScaler Gateway logon page via Rewrite policy, you may find the prompt strings are not displayed even if you refresh the web page or clear all browser cache. The Rewrite policy is not honored as expected...

AI score 7
Exploits 0

SUSE CVE
added 2023/02/15 5:49 a.m. · 2 views

SUSE CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVSS 5 · AI score 6.5 · EPSS 0.01249
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:56 a.m. · 2 views

SUSE CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the...

CVSS 9.6 · AI score 6.8 · EPSS 0.0412
Exploits 0 · References 10

Rapid7 Blog
added 2022/12/20 2:5 p.m. · 12 views

Cengage LTI Session Management Leakage

Prior to December 10, 2022, Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration LTI pipeline. The first issue involves leaving unexpectedl...

AI score 6.8
Exploits 0

OSV
added 2022/07/25 2:15 p.m. · 0 views

UBUNTU-CVE-2022-1308

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 7 · EPSS 0.00777
Exploits 1 · References 2

OSV
added 2022/05/25 5:3 p.m. · 3 views

DRUPAL-CONTRIB-2022-045

The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers user can view API keys for their respective Apps. The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for...

AI score 6.3
Exploits 0 · References 1

Drupal
added 2022/05/25 12:0 a.m. · 9 views

Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2022-045

The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. The developers user can view API keys for their respective Apps. The module discloses information by allowing attackers to view cached information of API Keys from the browser cache for...

AI score 6.3
Exploits 0 · References 3

ATTACKERKB
added 2022/03/25 7:15 p.m. · 2 views

CVE-2022-25590

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application...

CVSS 6.5 · AI score 5.3 · EPSS 0.01507
Exploits 1 · References 4