156 matches found
Apple iOS Files Widget Information Disclosure Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices, and Files Widget is one of the file tool components. A security vulnerability exists in the Files Widget component in Apple iOS versions prior to 11.3, which can be exploited to obtain sensitive information by displaying cach...
Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
UBUNTU-CVE-2018-5131
Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
Multiple CPUs - Information Leak Using Speculative Execution Exploit
Exploit for hardware platform in category dos / poc == INTRODUCTION == This is a bug report about a CPU security issue that affects processors by Intel, AMD and to some extent ARM. I have written a PoC for this issue that, when executed in userspace on an Intel Xeon CPU E5-1650 v3 machine with a...
MGASA-2017-0421 Updated sssd packages fix security vulnerability
SSSD stores its cached data in an LDAP like local database file using libldb. To lookup cached data LDAP search filters like 'objectClass=user name=username' are used. However, in sysdbsearchuserbyupnres, the input is not sanitized and allows to manipulate the search filter for cache lookups. Thi...
Apple iOS Keyboard Suggestions Information Disclosure Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices.The Keyboard Suggestions component is one of the keyboard support components. A security vulnerability exists in the Keyboard Suggestions component in Apple iOS versions prior to 11, which stems from the iOS keyboard caching...
UBUNTU-CVE-2017-7753
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
CVE-2017-1381
IBM WebSphere Application Server Proxy Server or On-demand-router ODR 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152...
CVE-2017-1381
IBM WebSphere Application Server Proxy Server or On-demand-router ODR 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152...
Metatag -Moderately Critical - Information disclosure - SA-CONTRIB-2017-019
This module enables you to add a variety of meta tags to a site for helping with a site's search engine results and to customize how content is shared on social networks. The module doesn't sufficiently protect against data being cached that might contain information related to a specific user...
SaltStack Salt Information Disclosure Vulnerability (CNVD-2017-01659)
Salt a.k.a. SaltStack is an open source set of tools for managing infrastructure from SaltStack, Inc. in the United States. A security vulnerability exists in versions of Salt prior to 2015.8.3 that stems from the program assigning weak permissions to cached data. A local attacker could exploit t...
CVE-2016-3002
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device...
CVE-2016-3002
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device...
CVE-2016-3002
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device...
CVE-2016-1786
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx aka redirection status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted...
CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
UBUNTU-CVE-2016-1785
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...