155 matches found
Code injection
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There ar...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud Deck 1.8.2 that stems from the fact that when obtaining a reference preview of a Deck card t...
CVE-2022-39266 isolated-vm has vulnerable CachedDataOptions in API
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...
PT-2022-24856 · Unknown · Isolated-Vm
Name of the Vulnerable Software and Affected Versions: isolated-vm versions 4.3.6 and prior Description: The issue allows attackers to bypass the sandbox and run arbitrary code in the nodejs process if untrusted v8 cached data is passed to the API through CachedDataOptions. This can be exploited ...
Rdiffweb 安全漏洞
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. An information disclosure vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from the use of a cache containing...
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...
The vulnerability of the corporate email management system Zimbra Collaboration Suite arises from the lack of measures to neutralize specific elements within it. This allows attackers to re-record any cached data.
The vulnerability of the Zimbra Collaboration Suite email management system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to re-record any cached data remotely...
Virtuozzo Hybrid Infrastructure 5.0 Update 1.1 (5.0.1-53)
This update provides security and stability fixes. Vulnerability id: VSTOR-51927 A security fix for CVE-2022-0378. Vulnerability id: VSTOR-51506 Fixed a connectivity issue when an Open vSwitch bridge is recreated for VLAN physical networks. Vulnerability id: VSTOR-51357 Entering maintenance may g...
CVE-2020-4951
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information...
CVE-2020-4951
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information...
Insecure Sessions
github.com/hashicorp/vault is using insecure sessions. User-viewed secrets between sessions in a single shared browser are insecurely cached and revealed...
Samsung Health 代码问题漏洞
Samsung Health is a health management app from Samsung South Korea. Samsung Health suffers from a code issue vulnerability that stems from an improper checking vulnerability in Samsung Health. Exploitation of the vulnerability allows an attacker to read internal cached data via the export compone...
CVE-2021-24027
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material...
CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...
The vulnerability of the arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c components of the Linux operating system allows a hacker to gain unauthorized access to certain information.
The vulnerability of the arch/powerpc/kernel/entry64.S and arch/powerpc/kernel/security.c components of the Linux operating system is related to the recovery of data that remains in the processor cache as a result of speculative execution of instructions. Exploiting this vulnerability can allow a...
CVE-2020-4312
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089...
Samsung Mobile Device Information Disclosure Vulnerability (CNVD-2020-33795)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An information disclosure vulnerability exists in Samsung mobile devices, which can be exploited by attackers to gain access to cached data...
CVE-2020-10853
An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...
CVE-2020-10853
An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...
Information disclosure
An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...