CVE-2023-22384

CVE-2023-22384 describes a memory corruption issue in the VR Service when sending data via Fast Message Queue (FMQ). Public records consistently describe the vulnerability as a buffer copy/memory corruption in VR Service related to FMQ data transfer (CVE-2023-22384; Qualcomm bulletins). The conne...

PT-2023-18476 · Unknown · Vr Service

Name of the Vulnerable Software and Affected Versions: VR Service affected versions not specified Description: The issue is related to memory corruption in the VR Service when sending data using the Fast Message Queue FMQ. Recommendations: At the moment, there is no information about a newer...

VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process

Lines of code Vulnerability details Summary Withdrawals in VotiumStrategy are executed in queue since CVX tokens are potentially locked in Convex. However, the implementation fails to consider the case where unlocked assets are already enough to cover the withdrawal, leading to different issues...

PT-2023-30489 · Unknown +1 · Openharmony +1

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.2.1 and prior Description: The issue is related to a system call function usage error and an mqueue undetected entries vulnerability in the liteos-a kernel. Local attackers can crash the kernel by providing error input...

The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, related to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.

The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor,...

The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, due to the lack of data encryption measures, allows a perpetrator to gain access to confidential information.

The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to the lack of data encryption measures. Exploiting this vulnerability could allow an attacker to gain access to...

The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, related to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.

The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor,...

Missing permission check in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

GHSA-997J-37H7-MHG9 CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

Design/Logic Flaw

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41942

The CVE-2023-41942 entry concerns a CSRF vulnerability in the Jenkins AWS CodeCommit Trigger Plugin. Affected software: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier. Root cause: cross-site request forgery that enables an attacker to clear the SQS queue. Impact: described as a...