929 matches found
GHSA-MRQX-MJC4-VFH3 wallabag subject to Improper Authorization via annotations
Impact The annotations feature lets users add annotations on highlighted parts of an entry. The controller does not validate authorization on PUT and DELETE requests which lets a logged user modify or delete any annotation using their ID on their endpoints example.org/annotations/id. These...
Siemens Desigo PXC and DXR Devices Observable Discrepancy (CVE-2022-24043)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application fails to normalize the response times o...
CVE-2023-0440
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6...
_verifyTime function does not handle startTime > endTime
Lines of code Vulnerability details Impact A possible scenario where the verifyTime function could cause unexpected behavior is if the input parameters startTime and endTime are not correctly set by the user or another contract. If startTime is greater than endTime, the function would return vali...
CVE-2023-0440 Observable Discrepancy in healthchecks/healthchecks
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6...
CVE-2023-0440
The CVE-2023-0440 entry concerns healthchecks/healthchecks before version 2.6. The issue is described as an observable discrepancy that can expose sensitive information to unauthorized actors. Affected software is Healthchecks (healthchecks/healthchecks); versions prior to 2.6 are vulnerable. Mit...
CVE-2023-0440 Observable Discrepancy in healthchecks/healthchecks
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6...
A transfer-on-fee token or a deflationary/rebasing token, causing the received amount to be less than the accounted amount. For instance, a deflationary tokens might charge a certain fee for every safetransfer() or safetransferFrom().
Lines of code Vulnerability details Impact ALice calls stakeamount = 100 deflationary Tokens. Because the token has a fee upon transfer, StRSR receives only 99 tokens and staked that amount to mint but user thought that receives 100 tokens . But reality token received for stRSR only 99 . Proof of...
Observable timing discrepancy in JOpenId
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. Upgrading to version 1.08 is able to address...
GHSA-M4F8-P58G-J8MJ Observable timing discrepancy in JOpenId
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. Upgrading to version 1.08 is able to address...
CVE-2010-10006
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high...
Design/Logic Flaw
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high...
CVE-2010-10006 michaelliao jopenid OpenIdManager.java getAuthentication timing discrepancy
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high...
CVE-2010-10006
CVE-2010-10006 affects michaelliao jopenid, specifically the timing discrepancy in OpenIdManager.java:getAuthentication. The issue arises from manipulation leading to observable timing differences. Exploitation complexity is described as high and exploitability as difficult. A fix is available in...
CVE-2010-10006 michaelliao jopenid OpenIdManager.java getAuthentication timing discrepancy
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high...
Not resetting totalBurned in CashManger will break user redemptions
Lines of code Vulnerability details Not resetting totalBurned in CashManger will break user redemptions The current implementation in CashManager.completeRedemptions is not updating the totalBurned amount in an epoch if there was a refund. The problem is, that if not all user redemptions can be...
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issu...
GHSA-VG5X-6Q66-RVGX Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issu...
CVE-2016-15015
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The...
CVE-2016-15015
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The...