Multiple Codesys Products Input Validation Error Vulnerability

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...

CVE-2023-4055

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR 102.14,...

Denial Of Service (DoS)

frr is vulnerable to Denial of Service DoS attacks. By crafting a BGP OPEN message with an option of type 0xff, an attacker is able to cause a denial of service conditions due to inconsistent boundary checks that do not account for reading 3 bytes instead of 2 in this 0xff case...

Functions don't update after being called

Lines of code Vulnerability details Impact Without updating the reserve or vault value of tokens after calling different functions, the contract may be prone to inconsistent state, security issues, financial implications, and bad user experience. It is important to review and update the reserve...

The vulnerability of Moxa TN-5900 series router microprogramming software, related to inconsistencies in responses to incoming requests, allows attackers to gain unauthorized access to protected information.

The vulnerability of Moxa TN-5900 series router microprogramming software is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

PT-2025-53202

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.0-rc1+ 4 Description The Linux kernel contains a flaw within the ntfs3 file system related to handling extended attributes. Specifically, the ntfs read ea function does not properly return an error code for...

Insufficient Validation of Addresses Vulnerability

Lines of code Vulnerability details Summary The code suffers from an insufficient validation of addresses vulnerability. Although it uses the sdk.AccAddressFromBech32 function to convert addresses from Bech32 format to sdk.AccAddress, it fails to validate the addresses for their validity and...

EulerOS Virtualization 3.0.6.0 : dbus (EulerOS-SA-2023-2208)

According to the versions of the dbus packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and old...

Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2023-2208)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Recipient address is not appropriately validated or sanitized in the BaseFeeVault contract (loss of funds)

Lines of code Vulnerability details Impact If the recipient address is not properly validated, an attacker could supply a malicious address as the recipient. This could result in the accumulated fees being sent to an unintended or unauthorized party. It could lead to financial loss or disruption ...

CVE-2023-2255 Remote documents loaded without prompt via IFrame

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would lo...

CVE-2023-2255

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would lo...

REENTRANCY IN THE ERC777 PROJECT TOKEN, CAN LEAD TO INCONSISTENT STATE OF THE CONTRACT DURING TRANSACTION

Lines of code Vulnerability details Impact In the JBXBuybackDelegate.swap function there is a possbile reentrancy vulnerability. If the projectToken is a ERC777 token then the data.beneficiary can reenter the contract by calling the JBXBuybackDelegate.payParams external function to mint more...

Inconsistent check for LP balance in AMO

Lines of code Vulnerability details Inconsistent check for LP balance in AMO While pulling LP tokens from the CVXStaker contract, the AMO queries the current available balance using the staked balance, which is inconsistent with the implementation of the withdraw function. Impact Curve LP tokens...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1780)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

CVE-2022-40302

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

Upgraded Q -> 2 from #680 [1683016840166]

Judge has assessed an item in Issue 680 as 2 risk. The relevant finding follows: A. Fee structure is inconsistent for buys/changes. In buy and sell function protocolFee is based on a percentage of the input/output amount but in change the fee is based on the pool fee not the input amount. It shou...

CVE-2022-29606

An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network...

Out-of-Bounds Read

libbzip3.so is vulnerable to out-of-bounds reads. The vulnerability exists due to lack of safety checks for decoding/testing when the buffer size and block size are inconsistent causing out of bound reads...