14 matches found
CVE-2026-6907
A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component incorrectly caches web requests when the Vary header contains an asterisk ('*'). This error can lead to sensitive private data being stored in the cache and subsequently served to unauthorized users, resulting in...
PT-2026-22012
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the xf_AppUpdateWindowFromSurface function where a cached XImage’s data pointer can reference a freed RDPGFX surface...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with the same cache key, causing wrong cached information to be used for these users. After a cached login, all subsequent logins are for the same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with the same cache key, causing wrong cached information to be used for these users. After a cached login, all subsequent logins are for the same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with the same cache key, causing wrong cached information to be used for these users. After a cached login, all subsequent logins are for the same user. Install fixed version or disable caching either globally or for the impacted...
SUSE: Security Advisory (SUSE-SU-2015:2340-1)
The remote host is missing an update for the...
Chrome V8 TranslatedState::MaterializeCapturedObjectAt Caching Bug Exploit
Exploit for multiple platforms in category dos / poc. Chrome: V8: TranslatedState::MaterializeCapturedObjectAt caching bug. Here's a snippet of TranslatedState::MaterializeCapturedObjectAt. case JS_SET_KEY_VALUE_ITERATOR_TYPE: case JS_SET_VALUE_ITERATOR_TYPE: Handle object = Handle::cast...
SUSE-SU-2015:0979-2 Security update for dnsmasq
The DNS server dnsmasq was updated to fix one security issue and one non-security bug. The following vulnerability was fixed: CVE-2015-3294: A remote unauthenticated attacker could have caused a denial of service (DoS) or read heap memory, potentially disclosing information such as performed DNS...
SUSE-SU-2015:0979-1 Security update for dnsmasq
The DNS server dnsmasq was updated to fix one security issue and one non-security bug. The following vulnerability was fixed: CVE-2015-3294: A remote unauthenticated attacker could have caused a denial of service (DoS) or read heap memory, potentially disclosing information such as performed DNS...
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
These updated packages fix the following security issues: - a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. CVE-2007-6207,...
kernel security update
CentOS Errata and Security Advisory CESA-2009:1548 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...