CVE-2013-4959

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as 1 host name, 2 MAC address, and 3 SSH keys via the web browser cache...

UBUNTU-CVE-2024-56337

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be...

CVE-2018-10235

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...

CVE-2013-4959

CVE-2013-4959 : Puppet Enterprise before 3.0.1 exposes HTTP responses without a no-cache header, enabling local users to retrieve sensitive data via browser cache. Affected: Puppet Enterprise prior to 3.0.1. Impact as described: potential leakage of host name, MAC address, and SSH keys. CVSS 2.0 ...

Security Release: symfony 1.3.6 and 1.4.6

New releases for symfony 1.3 and 1.4 have been packaged sooner than expected to address a security vulnerability reported yesterday. It is strongly recommended that all applications running symfony 1.3 and 1.4 upgrade to this latest release immediately. The Security Fix One of the enhancements...