559 matches found
GHSA-R285-Q736-9V95 Filename spoofing in archive
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
Design/Logic Flaw
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-39137
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...
CVE-2023-40179 Silverware Games vulnerable to account enumeration via inconsistent responses
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member o...
CVE-2023-40179 Silverware Games vulnerable to account enumeration via inconsistent responses
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member o...
CVE-2023-40175
An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...
CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
removeFromAllTicks() withdraws all tick assets before deposit and withdraw re-deposit them creates a reentrancy attacks.
Lines of code Vulnerability details Impact reentrancy attacks can result to stolen funds Proof of Concept The key issue is that removeFromAllTicks calls removeFromTickindex in a loop, which calls lendingPool.withdraw and tr.withdraw. These external calls could trigger a reentrant call back into t...
Overstatement of Available Funds Due to Logic Error
Lines of code Vulnerability details Impact The computeAvailable function in VaultBooster.sol could potentially overstate the available balance in certain situations. Two functions rely on computeAvailable for determining the available funds, such as liquidate, accrue. If the overstated balance fr...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
CVE-2023-37559
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...