Lucene search
+L

77 matches found

RedHat Linux
RedHat Linux
added 2023/09/04 3:52 p.m.8 views

Mozilla: Push notifications saved to disk unencrypted

The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information...

6.5CVSS7.2AI score0.00361EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.3 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates from unencrypted push notifications stored on disk in private browsing mode, which could lead to the disclosure of sensitive informati...

6.5CVSS7.6AI score0.00361EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2023/07/10 4:15 p.m.7 views

CVE-2023-35699

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card...

5.3CVSS5.8AI score0.00202EPSS
Exploits0References4
OSV
OSV
added 2023/07/10 4:15 p.m.5 views

CVE-2023-35699

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card...

4.6CVSS5.7AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.6 views

PT-2023-25282 · Sick · Sick Icr890-4

Name of the Vulnerable Software and Affected Versions: SICK ICR890-4 affected versions not specified Description: The issue concerns cleartext storage on disk, which could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing an SD card...

5.3CVSS4.5AI score0.00202EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/26 3:17 a.m.42 views

Security Bulletin: Configuring Volume Throttling on Storwize V3500, V3700, V5000 and V7000 (Gen 2) with V7.5.0.0-V7.5.0.2 may cause a loss of access to data

Summary Abstract Changing the volume throttling attribute on a Storwize V3500, V3700, V5000 or V7000 Gen 2 system with V7.5.0.0-V7.5.0.2 may cause node canisters in the system to go offline with a node error 564, requiring manual recovery. Content Vulnerability Details Abstract Changing the volum...

2.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.1 views

SUSE CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...

4.3CVSS8.4AI score0.00829EPSS
Exploits0References4
Prion
Prion
added 2023/02/07 7:15 p.m.23 views

Design/Logic Flaw

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

4.9CVSS4.9AI score0.00515EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/12 7:56 a.m.7 views

netty: world readable temporary file containing sensitive data

CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...

6.2CVSS6.8AI score0.01777EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/08/03 6:1 p.m.5 views

netty: world readable temporary file containing sensitive data

CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...

6.2CVSS6.8AI score0.01777EPSS
Exploits2References4
Fedora
Fedora
added 2022/07/17 1:15 a.m.20 views

[SECURITY] Fedora 35 Update: golang-github-ledisdb-0.6-5.20210112gitd35789e.fc35

Ledisdb is a high-performance NoSQL database library and server written in Go. It's similar to Redis but store data in disk. It supports many data structures including kv, list, hash, zset, set. LedisDB now supports multiple different databases as backends...

9.3CVSS8.8AI score0.0995EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2022/06/28 12:0 a.m.3 views

PT-2022-16701 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.10 and earlier Description: The issue allows session fixation, where unexpired SessionIDs of logged out users can still be used to make authenticated requests when the hybridsessions module is us...

6.5CVSS6.2AI score0.00854EPSS
Exploits0References13
OSV
OSV
added 2022/05/24 5:10 p.m.19 views

GHSA-5PG8-F89X-WJCX Credentials transmitted in plain text by Jenkins Logstash Plugin

Logstash Plugin stores credentials in its global configuration file jenkins.plugins.logstash.LogstashConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form b...

3.1CVSS5AI score0.00614EPSS
Exploits0References5
OSV
OSV
added 2021/06/24 2:15 p.m.3 views

CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...

4.3CVSS7.4AI score0.00829EPSS
Exploits0References3
OSV
OSV
added 2021/06/02 12:0 a.m.3 views

UBUNTU-CVE-2021-29960

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk...

4.3CVSS7.3AI score0.00829EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.3 views

netty: Information disclosure via the local system temporary directory

In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the...

6.2CVSS7.3AI score0.01777EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/02/08 12:0 a.m.9 views

Netty Security Vulnerabilities

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. A security vulnerability exists in Netty versions prior to 4.1.59, which stems from the fact that local information can be mad...

6.2CVSS6.7AI score0.01777EPSS
Exploits1References88
RustSec
RustSec
added 2020/11/15 12:0 p.m.22 views

Data race and memory safety issue in `Index`

The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...

5.9CVSS2AI score0.00978EPSS
Exploits1
OSV
OSV
added 2020/11/15 12:0 p.m.51 views

RUSTSEC-2020-0149 Data race and memory safety issue in `Index`

The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...

5.9CVSS5.6AI score0.00978EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/04/30 12:0 a.m.31 views

F5 Networks BIG-IP : BIG-IP restjavad vulnerability (K94325657)

The restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server. CVE-2020-5880 Impact A remote attacker may be able to fill the disk storage and make the...

7.1CVSS7.1AI score0.01261EPSS
Exploits0References2
Rows per page
Query Builder