
155 matches found

Prion
added 2023/01/10 9:15 p.m. · 15 views

Code injection

Deck is a kanban-style organization tool aimed at personal planning and project organization for teams, integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, an unauthorized user could eventually get the cached data of a user that has access. There ar...

3.5 CVSS · 4 AI score · 0.00687 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/01/10 12:00 a.m. · 5 views

Nextcloud Security Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud Deck 1.8.2 that stems from the fact that when obtaining a reference preview of a Deck card t...

5.8 CVSS · 5.2 AI score · 0.00687 EPSS
Exploits 1 · References 3
Cvelist
added 2022/09/29 6:10 p.m. · 45 views

CVE-2022-39266 isolated-vm has vulnerable CachedDataOptions in API

isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...

9.6 CVSS · 9.9 AI score · 0.01088 EPSS
Exploits 0 · References 4
Positive Technologies
added 2022/09/29 12:00 a.m. · 3 views

PT-2022-24856 · Unknown · Isolated-Vm

Name of the Vulnerable Software and Affected Versions: isolated-vm versions 4.3.6 and prior

Description: The issue allows attackers to bypass the sandbox and run arbitrary code in the nodejs process if untrusted v8 cached data is passed to the API through CachedDataOptions. This can be exploited ...

9.8 CVSS · 9.3 AI score · 0.01088 EPSS
Exploits 0 · References 10
CNNVD
added 2022/09/28 12:00 a.m. · 3 views

Rdiffweb Security Vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. Provides quick access to your archives through an efficient web interface. An information disclosure vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from the use of a cache containing...

4.6 CVSS · 6 AI score · 0.00493 EPSS
Exploits 1 · References 3
Debian CVE
added 2022/08/01 2:13 p.m. · 33 views

CVE-2022-30699

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...

6.5 CVSS · 6.8 AI score · 0.0085 EPSS
Exploits 0
BDU FSTEC
added 2022/07/13 12:00 a.m. · 6 views

The vulnerability of the corporate email management system Zimbra Collaboration Suite arises from the lack of measures to neutralize specific elements within it. This allows attackers to re-record any cached data.

The vulnerability of the Zimbra Collaboration Suite email management system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to re-record any cached data remotely...

7.8 CVSS · 7.7 AI score · 0.84593 EPSS
Exploits 2 · References 5
Virtuozzo
added 2022/03/31 12:00 a.m. · 26 views

Virtuozzo Hybrid Infrastructure 5.0 Update 1.1 (5.0.1-53)

This update provides security and stability fixes.
Vulnerability id: VSTOR-51927 A security fix for CVE-2022-0378.
Vulnerability id: VSTOR-51506 Fixed a connectivity issue when an Open vSwitch bridge is recreated for VLAN physical networks.
Vulnerability id: VSTOR-51357 Entering maintenance may g...

7.1 CVSS · 1.3 AI score · 0.03866 EPSS
Exploits 1
Cvelist
added 2021/10/15 3:55 p.m. · 24 views

CVE-2020-4951

IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information...

4 CVSS · 3.6 AI score · 0.00266 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2021/10/14 12:00 a.m. · 2 views

CVE-2020-4951

IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information...

4 CVSS · 5.4 AI score · 0.00266 EPSS
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2021/08/16 10:37 a.m. · 7 views

Insecure Sessions

github.com/hashicorp/vault is using insecure sessions. User-viewed secrets between sessions in a single shared browser are insecurely cached and revealed...

5.3 CVSS · 6.6 AI score · 0.00911 EPSS
Exploits 0 · References 3 · Affected Software 2
CNNVD
added 2021/06/11 12:00 a.m. · 5 views

Samsung Health Code Issue Vulnerability

Samsung Health is a health management app from Samsung South Korea. Samsung Health suffers from a code issue vulnerability that stems from an improper checking vulnerability in Samsung Health. Exploitation of the vulnerability allows an attacker to read internal cached data via the export compone...

5.3 CVSS · 5.9 AI score · 0.00793 EPSS
Exploits 0 · References 1
OSV
added 2021/04/06 5:15 p.m. · 4 views

CVE-2021-24027

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material...

7.5 CVSS · 5.8 AI score · 0.03805 EPSS
Exploits 1 · References 1
OSV
added 2021/01/15 6:15 p.m. · 6 views

CVE-2021-0220

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser, for example via XSS, or access cached contents may be able to obtain a copy of...

6.8 CVSS · 6.8 AI score · 0.01154 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2020/06/26 12:00 a.m. · 2 views

The vulnerability of the arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c components of the Linux operating system allows a hacker to gain unauthorized access to certain information.

The vulnerability of the arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c components of the Linux operating system is related to the recovery of data that remains in the processor cache as a result of speculative execution of instructions. Exploiting this vulnerability can allow a...

4.7 CVSS · 6.8 AI score · 0.00736 EPSS
Exploits 0 · References 50 · Affected Software 7
OSV
added 2020/05/13 1:15 p.m. · 5 views

CVE-2020-4312

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089...

4.3 CVSS · 5.8 AI score · 0.00816 EPSS
Exploits 0 · References 2
CNVD
added 2020/03/25 12:00 a.m. · 1 views

Samsung Mobile Device Information Disclosure Vulnerability (CNVD-2020-33795)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An information disclosure vulnerability exists in Samsung mobile devices, which can be exploited by attackers to gain access to cached data...

5.3 CVSS · 6.2 AI score · 0.0034 EPSS
Exploits 0 · References 1
OSV
added 2020/03/24 6:15 p.m. · 1 views

CVE-2020-10853

An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...

5.3 CVSS · 6.1 AI score · 0.0034 EPSS
Exploits 0 · References 1
NVD
added 2020/03/24 6:15 p.m. · 10 views

CVE-2020-10853

An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...

5.3 CVSS · 5.4 AI score · 0.0034 EPSS
Exploits 0 · References 1
Prion
added 2020/03/24 6:15 p.m. · 14 views

Information disclosure

An issue was discovered on Samsung mobile devices with P9.0 software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 January 2020...

5 CVSS · 5.4 AI score · 0.0034 EPSS
Exploits 0 · References 1 · Affected Software 1