181 matches found
VulnCheck KEV: CVE-2024-44000
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
Server-side Request Forgery (SSRF)
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to no restrictions on the URL, in the saveurltocache function. An attacker can access and download local resourc...
WordPress plugin WP Fastest Cache 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site reques...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
PT-2024-29980 · Espressif · Esp-Now
Name of the Vulnerable Software and Affected Versions: ESP-NOW versions prior to 2.5.2 Description: A replay attacks vulnerability was discovered in the ESP-NOW Component, which provides a connectionless Wi-Fi communication protocol. The issue arises because the cache is not differentiated by...
CVE-2024-41074
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemandid 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the...
CVE-2024-30130
Technical details (affected products, versions, root cause, or fixes) are not publicly provided in the supplied documents. Monitor for updates from HCL/NVD/CVE listings.
CVE-2024-33004
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
CVE-2024-23193
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...
CVE-2024-23193
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...
PT-2024-3336 · Glibc +10 · Glibc +10
Name of the Vulnerable Software and Affected Versions: glibc versions 2.15 and later Description: The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache wa...
CVE-2023-45000
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7...
Varnish Cache 安全漏洞
Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache versions prior to 7.3.2 and 7.4.x prior to 7.4.3 and Varnish Enterprise versions prior to 6.0.12r6, which stems from a credit exhaustion that allows HTTP/2 connections to control the flow...
hw: cpu: arm64: Spectre-BHB
A new cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, was found in hw. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influence mispredicted branches within t...
PT-2024-15699 · WordPress · Vk Block Patterns
Name of the Vulnerable Software and Affected Versions: VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1 Description: The issue is due to missing or incorrect nonce validation on the vbp clear patterns cache function, making it possible for unauthenticated attackers t...
CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...
com.qwlabs.doraemon:feature-flags (>=0.2.257 <=0.2.290), com.qwlabs.doraemon:graphql (>=0.2.282 <=0.2.290) +10 more potentially affected by CVE-2023-6393 via io.quarkus:quarkus-cache (>=3.3.0.CR1 <=3.5.1)
io.quarkus:quarkus-cache MAVEN version =3.3.0.CR1, =0.2.257, =0.2.282, =0.2.281, =0.2.282, =0.2.257, =0.2.257, =0.2.257, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.5.1 Source cves: CVE-2023-6393 Source advisory: OSV:GHSA-XFV5-JQGP-VQHJ...
CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...