182 matches found
CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...
CVE-2023-1928
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...
CVE-2023-1918
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglecallback function. This makes it possible for unauthenticated attackers to invoke a cache...
CVE-2023-1924 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback'
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfctoolbarsavesettingscallback function. This makes it possible for unauthenticated attackers to change cache...
SUSE CVE-2010-4180
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...
SUSE CVE-2020-15982
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
SUSE CVE-2020-25074
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution...
CVE-2023-0447
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue...
The vulnerability of the load_cache function in the GIMP graphic editor allows a hacker to transfer special application data and execute arbitrary OS commands on the target system.
The vulnerability of the loadcache function in the GIMP graphic editor exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability allows a malicious actor to transmit special application data and execute arbitrary O...
workflow-cps-global-lib: Sandbox bypass vulnerability
A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...
AZL-35013 CVE-2021-44716 affecting package multus for versions less than 4.0.2-1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
UBUNTU-CVE-2021-38009
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Web Cache Vulnerability Scanner - A Go-based CLI Tool For Testing For Web Cache Poisoning
Web Cache Vulnerability Scanner WCVS is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficien...
CyberArk Credential Provider Local Cache Can Be Decrypted
Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31798 2. Vulnerability Description CyberArk...
Insecure Token Validation
github.com/ory/oathkeeper is using an insecure token validation. It bypasses token claim validation once a token is in the cache. The vulnerability exists only when caching is not disabled...
The vulnerability of the Google Chrome browser’s cache component, which allows a perpetrator to access confidential data
The vulnerability of the Google Chrome browser’s cache component is related to issues with the use of cryptography. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data...
DRUPAL-CONTRIB-2021-001
The optional Social Auth Extra module enables you to use the single sign-on methods provided by Open Social e.g. Facebook, LinkedIn, Google and Twitter. The module doesn't implement a proper cache strategy for anonymous users allowing the registration form to be cached with disclosed information ...
UBUNTU-CVE-2020-25074
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution...
CVE-2020-26112
The email quota cache in cPanel before 90.0.10 allows overwriting of files...