77 matches found
Mozilla: Push notifications saved to disk unencrypted
The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates from unencrypted push notifications stored on disk in private browsing mode, which could lead to the disclosure of sensitive informati...
CVE-2023-35699
Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card...
CVE-2023-35699
Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card...
PT-2023-25282 · Sick · Sick Icr890-4
Name of the Vulnerable Software and Affected Versions: SICK ICR890-4 affected versions not specified Description: The issue concerns cleartext storage on disk, which could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing an SD card...
Security Bulletin: Configuring Volume Throttling on Storwize V3500, V3700, V5000 and V7000 (Gen 2) with V7.5.0.0-V7.5.0.2 may cause a loss of access to data
Summary Abstract Changing the volume throttling attribute on a Storwize V3500, V3700, V5000 or V7000 Gen 2 system with V7.5.0.0-V7.5.0.2 may cause node canisters in the system to go offline with a node error 564, requiring manual recovery. Content Vulnerability Details Abstract Changing the volum...
SUSE CVE-2021-29960
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...
Design/Logic Flaw
Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...
netty: world readable temporary file containing sensitive data
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...
netty: world readable temporary file containing sensitive data
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...
[SECURITY] Fedora 35 Update: golang-github-ledisdb-0.6-5.20210112gitd35789e.fc35
Ledisdb is a high-performance NoSQL database library and server written in Go. It's similar to Redis but store data in disk. It supports many data structures including kv, list, hash, zset, set. LedisDB now supports multiple different databases as backends...
PT-2022-16701 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.10 and earlier Description: The issue allows session fixation, where unexpired SessionIDs of logged out users can still be used to make authenticated requests when the hybridsessions module is us...
GHSA-5PG8-F89X-WJCX Credentials transmitted in plain text by Jenkins Logstash Plugin
Logstash Plugin stores credentials in its global configuration file jenkins.plugins.logstash.LogstashConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form b...
CVE-2021-29960
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...
UBUNTU-CVE-2021-29960
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...
netty: Information disclosure via the local system temporary directory
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the...
Netty Security Vulnerabilities
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions prior to 4.1.59, which stems from the fact that local information can be mad...
Data race and memory safety issue in `Index`
The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...
RUSTSEC-2020-0149 Data race and memory safety issue in `Index`
The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...
F5 Networks BIG-IP : BIG-IP restjavad vulnerability (K94325657)
The restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server. CVE-2020-5880 Impact A remote attacker may be able to fill the disk storage and make the...