Lucene search
K

245 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.6 views

CVE-2013-1231

The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629...

5CVSS7.1AI score0.01186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 a.m.10 views

CVE-2019-5175

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

7.8CVSS7.3AI score0.01358EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:45 p.m.9 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

7.5CVSS7.8AI score0.02091EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/05/13 12:0 a.m.101 views

📄 LINQPad Insecure Deserialization

This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restart...

8.1AI score0.00488EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.19 views

PT-2025-22215

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition in the Linux kernel's SMB client can occur when a pre-existing valid cfid returned from find or create cached dir might race with a lease break. This can cause open cach...

5.5CVSS5.5AI score0.00148EPSS
Exploits0
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.5 views

HDF5 安全漏洞

HDF5 is a library of HDF open source . HDF5 suffers from a heap buffer overflow vulnerability. The vulnerability stems from the mishandling of the freeblock parameter by the H5HLfldeserialize function in the src/H5HLcache.c file. No detailed vulnerability details are provided at this time...

5.5CVSS7.3AI score0.00269EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.4 views

FreeBSD : Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions (475d1968-f99d-11ef-b382-b0416f0c4c67)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 475d1968-f99d-11ef-b382-b0416f0c4c67 advisory. [email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References3
OSV
OSV
added 2025/02/28 2:34 a.m.1 views

GHSA-PWHH-Q4H6-W599 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...

8.4CVSS6.9AI score0.00589EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/02/28 2:34 a.m.32 views

Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cachehandler.pyL93-L98 The file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. I think 600 is ...

9.8CVSS6.4AI score0.00589EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/02/27 2:41 p.m.3 views

Incorrect Default Permissions

Overview spotipy is an A light weight Python library for the Spotify Web API Affected versions of this package are vulnerable to Incorrect Default Permissions via the CacheHandler class. An attacker can gain unauthorized access to administrative actions on the Spotify account by reading the spoti...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References2
NVD
NVD
added 2025/02/27 2:15 p.m.9 views

CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS0.00589EPSS
Exploits1References4
CVE
CVE
added 2025/02/27 1:53 p.m.113 views

CVE-2025-27154

CVE-2025-27154 affects Spotipy’s CacheHandler file permissions. Before version 2.25.1, the cache file is created with 644 permissions by default, exposing the Spotify auth token to other users or processes on the same machine. Version 2.25.1 tightens permissions to 600, reducing token exposure. T...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2025/02/27 1:53 p.m.14 views

CVE-2025-27154

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

9.8CVSS6.9AI score0.00589EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/02/27 1:53 p.m.6 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS6.3AI score0.00589EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/27 1:53 p.m.29 views

CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...

8.4CVSS0.00589EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.14 views

Spotipy 安全漏洞

Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2025/02/27 12:0 a.m.35 views

Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

[email protected] reports: Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw-----...

9.8CVSS6.7AI score0.00589EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/01/29 8:49 p.m.23 views

snowflake-connector-python vulnerable to insecure cache files permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects version...

5.5CVSS4.8AI score0.00137EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/12/27 2:15 p.m.9 views

UBUNTU-CVE-2024-53178

In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...

4.7CVSS6.2AI score0.00218EPSS
Exploits0References19
Vulnrichment
Vulnrichment
added 2024/12/27 1:49 p.m.3 views

CVE-2024-53178 smb: Don't leak cfid when reconnect races with open_cached_dir

In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with opencacheddir opencacheddir may either race with the tcon reconnection even before compoundsendrecv or directly trigger a reconnection via SMB2openinit or SMBqueryinfoinit. The...

6.1AI score0.00218EPSS
Exploits0References4
Rows per page
Query Builder