Use of Cache Containing Sensitive Information
CWE-524

CVE ID | CVSS | Vendor | Exploit | Patch

CVE-2024-49580
In JetBrains Ktor before 3.0.0, improper caching in the HttpCache plugin could lead to response information disclosure.
CVSS: 5.3 | Vendor: Jetbrains | Exploit: - | Patch: Patched

CVE-2024-45596
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access the credentials of the last authenticated user via OpenID or OAuth2 where the authentication URL did not include a redirect query string. This happens because, on that endpoint for both OpenID and OAuth2, Directus uses the respond middleware, which by default tries to cache GET requests that meet some conditions. However, those conditions do not include this scenario, in which an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0.
CVSS: 7.4 | Exploit: - | Patch: Patched

CVE-2024-41906
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
CVSS: 6.5 | Vendor: Siemens | Exploit: - | Patch: Patched

CVE-2024-33004
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage, as dynamic web pages are cached even after logging out. On successful exploitation, the attacker can see the sensitive information through the cache and can open the pages, causing limited impact on Confidentiality, Integrity and Availability of the application.
CVSS: 4.3 | Vendor: Sap | Exploit: - | Patch: -

CVE-2024-27917
The Symfony Session Handler pops the session cookie and assigns it to the response. Since Shopware 6.5.8.0, 404 pages are cached to improve their performance. The cached response therefore contains a session cookie when the browser accessing the 404 page has no cookies yet. The Symfony Session Handler is in use when no explicit session configuration has been done. When Redis is in use for sessions using the PHP Redis extension, this exploitable code is not used.
CVSS: 7.5 | Vendor: Shopware | Exploit: - | Patch: Patched

CVE-2024-0874
A flaw was found in coredns. This issue could lead to invalid cache entries being returned due to incorrectly implemented caching.
CVSS: 5.3 | Vendor: Coredns.io | Exploit: - | Patch: -

CVE-2023-37486
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.
CVSS: 7.5 | Vendor: Sap | Exploit: - | Patch: Patched

CVE-2022-41032
NuGet Client Elevation of Privilege Vulnerability.
CVSS: 7.8 | Vendor: Fedoraproject, et al | Exploit: Exploit | Patch: Patched

CVE-2022-3292
Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVSS: 4.6 | Vendor: Ikus-soft | Exploit: Exploit | Patch: Patched

CVE-2021-24027
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
CVSS: 7.5 | Vendor: Whatsapp | Exploit: Exploit | Patch: Patched

CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
CVSS: 3.7 | Vendor: Synology, et al | Exploit: Exploit | Patch: Patched

CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
CVSS: 5.9 | Vendor: Synology, et al | Exploit: Exploit | Patch: Patched

CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN.
CVSS: 4.3 | Vendor: Atlassian | Exploit: - | Patch: Patched

CVE-2019-11244
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
CVSS: 5 | Vendor: Kubernetes, et al | Exploit: - | Patch: -