Lucene search
K

156 matches found

cnvd
cnvd
added 2018/03/30 12:0 a.m.5 views

Apple iOS Files Widget Information Disclosure Vulnerability

Apple iOS is an operating system developed by Apple for mobile devices, and Files Widget is one of the file tool components. A security vulnerability exists in the Files Widget component in Apple iOS versions prior to 11.3, which can be exploited to obtain sensitive information by displaying cach...

4.6CVSS6.1AI score0.00384EPSS
Exploits0References1
redhat
redhat
added 2018/03/15 11:24 a.m.7 views

Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS7.3AI score0.02323EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2018/03/14 12:0 a.m.23 views

CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.9AI score0.02323EPSS
Exploits0References3
osv
osv
added 2018/03/14 12:0 a.m.3 views

UBUNTU-CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.9AI score0.02323EPSS
Exploits0References4
redhat
redhat
added 2018/03/12 5:3 p.m.5 views

infinispan: Unsafe deserialization of malicious object injected into data cache

It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...

8.8CVSS5.8AI score0.02881EPSS
Exploits0References4
zdt
zdt
added 2018/01/10 12:0 a.m.40 views

Multiple CPUs - Information Leak Using Speculative Execution Exploit

Exploit for hardware platform in category dos / poc == INTRODUCTION == This is a bug report about a CPU security issue that affects processors by Intel, AMD and to some extent ARM. I have written a PoC for this issue that, when executed in userspace on an Intel Xeon CPU E5-1650 v3 machine with a...

7AI score
Exploits0
osv
osv
added 2017/11/20 9:18 p.m.12 views

MGASA-2017-0421 Updated sssd packages fix security vulnerability

SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like 'objectClass=user name=username' are used. However, in sysdbsearchuserbyupnres, the input is not sanitized and allows to manipulate the search filter for cache lookups. Thi...

8.8CVSS8.6AI score0.01499EPSS
Exploits0References3
cnvd
cnvd
added 2017/10/23 12:0 a.m.4 views

Apple iOS Keyboard Suggestions Information Disclosure Vulnerability

Apple iOS is an operating system developed by Apple for mobile devices.The Keyboard Suggestions component is one of the keyboard support components. A security vulnerability exists in the Keyboard Suggestions component in Apple iOS versions prior to 11, which stems from the iOS keyboard caching...

5.3CVSS6.7AI score0.00905EPSS
Exploits0References1
osv
osv
added 2017/08/10 12:0 a.m.3 views

UBUNTU-CVE-2017-7753

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.1CVSS7AI score0.03186EPSS
Exploits1References4
nvd
nvd
added 2017/07/21 8:29 p.m.16 views

CVE-2017-1381

IBM WebSphere Application Server Proxy Server or On-demand-router ODR 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152...

3.3CVSS3.4AI score0.00377EPSS
Exploits0References4
osv
osv
added 2017/07/21 8:29 p.m.4 views

CVE-2017-1381

IBM WebSphere Application Server Proxy Server or On-demand-router ODR 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152...

3.3CVSS7.3AI score
Exploits0References4
drupal
drupal
added 2017/02/15 12:0 a.m.10 views

Metatag -Moderately Critical - Information disclosure - SA-CONTRIB-2017-019

This module enables you to add a variety of meta tags to a site for helping with a site's search engine results and to customize how content is shared on social networks. The module doesn't sufficiently protect against data being cached that might contain information related to a specific user...

6.6AI score
Exploits0References13
cnvd
cnvd
added 2017/02/14 12:0 a.m.3 views

SaltStack Salt Information Disclosure Vulnerability (CNVD-2017-01659)

Salt a.k.a. SaltStack is an open source set of tools for managing infrastructure from SaltStack, Inc. in the United States. A security vulnerability exists in versions of Salt prior to 2015.8.3 that stems from the program assigning weak permissions to cached data. A local attacker could exploit t...

3.3CVSS6.4AI score0.00407EPSS
Exploits0References1
nvd
nvd
added 2016/11/30 11:59 a.m.17 views

CVE-2016-3002

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device...

2.1CVSS3.3AI score0.00334EPSS
Exploits0References3
osv
osv
added 2016/11/30 11:59 a.m.2 views

CVE-2016-3002

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device...

2.1CVSS5.8AI score0.00334EPSS
Exploits0References3
attackerkb
attackerkb
added 2016/11/30 11:59 a.m.2 views

CVE-2016-3002

IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device...

2.1CVSS5.5AI score0.00334EPSS
Exploits0References4
osv
osv
added 2016/03/24 1:59 a.m.3 views

CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...

5.4CVSS7.4AI score0.01171EPSS
Exploits0References6
osv
osv
added 2016/03/24 1:59 a.m.1 views

CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

6.5CVSS5.8AI score0.01544EPSS
Exploits0References6
nvd
nvd
added 2016/03/24 1:59 a.m.13 views

CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

6.5CVSS5.4AI score0.01544EPSS
Exploits0References6
osv
osv
added 2016/03/24 1:59 a.m.5 views

UBUNTU-CVE-2016-1785

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...

6.5CVSS5.8AI score0.01544EPSS
Exploits0References7
Rows per page
Query Builder