Lucene search

559 matches found

Citrix
added 2023/03/14 12:0 a.m., 7 views

CWA displaying apps differently depending on which Storefront server you connect to

When connecting to a new Storefront server, customer is seeing icons that are displayed differently than they do when connecting to another Storefront server running the same version. Connected to the 1st server, the apps looked like this: Connected to the 2nd server, the apps looked like this:...

7 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 4:52 a.m., 2 views

SUSE CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 - 9.9.9-S7, 9.9.3 - 9.9.9-P5, 9.9.10b1,...

7.5 CVSS, 6.8 AI score, 0.45408 EPSS
Exploits: 0, References: 10

SUSE CVE
added 2023/02/15 4:1 a.m., 2 views

SUSE CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

7.5 CVSS, 7.6 AI score, 0.92629 EPSS
Exploits: 5, References: 114

SUSE CVE
added 2023/02/15 3:37 a.m., 1 views

SUSE CVE-2021-42859

A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release...

7.5 CVSS, 6.9 AI score, 0.00274 EPSS
Exploits: 1, References: 3

Code423n4
added 2023/02/03 12:0 a.m., 11 views

AddressRegistry might have non-actual record

Lines of code Vulnerability details Impact AddressRegistry might have non-actual record, which leads to inconsistent AddressRegistry state, and might affect possible consumers. Proof of Concept To register favorite NFT user calls register function from AddressRegistry. Then he sold this NFT to...

6.8 AI score
Exploits: 0

Code423n4
added 2023/01/27 12:0 a.m., 8 views

User receives lesser number of Long Tokens on burning Pool liquidity resulting in loss of user funds

Lines of code Vulnerability details Impact Protocol currently uses 2 levels of callbacks for burning Pool liquidity: Inner callback - timeswapV2PoolBurnChoiceCallback function in Line 438 of Pool.sol allows user to specify long0 & long1 amount such that long0 + long1 longAmount. longAmount here...

6.8 AI score
Exploits: 0

BDU FSTEC
added 2023/01/12 12:0 a.m., 1 views

The vulnerability of the Squid caching proxy server, related to improper access control, allows attackers to gain access to confidential information.

The vulnerability of the Squid caching proxy server relates to the inconsistent processing of internal URIs. Exploiting this vulnerability allows a remote attacker to bypass the ACL firewall protection and gain access to information about the cache controller, including records related to the...

6.8 CVSS, 6.9 AI score, 0.0197 EPSS
Exploits: 0, References: 12, Affected Software: 8

Prion
added 2022/12/22 8:15 p.m., 30 views

Design/Logic Flaw

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. This bug only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

4.3 CVSS, 6.6 AI score, 0.00169 EPSS
Exploits: 0, References: 4, Affected Software: 3

OSV
added 2022/12/20 9:15 p.m., 1 views

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

7.5 CVSS, 5.8 AI score, 0.00208 EPSS
Exploits: 0, References: 2

Code423n4
added 2022/12/16 12:0 a.m., 6 views

Inconsistent parameters settings can break the business logic

Lines of code Vulnerability details Impact The usual business logic of the raffle should be that: If a user wins a raffle, he can always claim the NFT before a redraw can be initialized. However, the settings parameters can be set to inconsistent so that a winner may not be able to claim the NFT...

6.7 AI score
Exploits: 0

Tenable Nessus
added 2022/11/22 12:0 a.m., 52 views

Oracle Linux 9 : httpd (ELSA-2022-8067)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8067 advisory. - Resolves: 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: 2097032 - CVE-2022-28615 httpd: out-of-bounds read in...

9.8 CVSS, 7.9 AI score, 0.60552 EPSS
Exploits: 2, References: 11

BDU FSTEC
added 2022/11/14 12:0 a.m., 2 views

The vulnerability of the microprogramming software for industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software for wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and AWK-1137C series, is related to inconsistencies in response to incoming requests. This vulnerability allows an intruder to gain unauthorized access to protected information.

The vulnerability of the microprogramming software used in industrial LTE modems of the Moxa OnCell G3150A-LTE, OnCell G3470A-LTE, and WDR-3124A series, as well as the microprogramming software used in wireless access points for industrial systems of the Moxa AWK-3131A, AWK-4131A, AWK-1131A, and...

9.4 CVSS, 5.5 AI score
Exploits: 0, References: 5, Affected Software: 9

Code423n4
added 2022/11/10 12:0 a.m., 10 views

Closing an unexisting credit can overflow the credit count variable in the LineOfCredit contract

Lines of code Vulnerability details The LineOfCredit contract doesn't verify if a credit exists and is properly initialized when closing it, and will update its state anyway, leading to an inconsistent count. Impact The close function in the LineOfCredit contract doesn't check if the given credit...

7 AI score
Exploits: 0

RedhatCVE
added 2022/10/13 2:29 p.m., 25 views

CVE-2022-42011

A vulnerability was found in D-bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash when receiving a message whose array length is inconsistent with the size of the element type...

6.5 CVSS, 3.2 AI score, 0.00131 EPSS
Exploits: 1, References: 3

RedHat Linux
added 2022/09/26 4:34 p.m., 5 views

Mozilla: Incoherent instruction cache when building WASM on ARM64

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash...

6.5 CVSS, 7.3 AI score, 0.00169 EPSS
Exploits: 0, References: 5

Code423n4
added 2022/09/25 12:0 a.m., 8 views

Inconsistent use of the for loop increment

Lines of code Vulnerability details Impact Inconsistent use of ++ operator. In OperatorRegistry.sol line numbers 84 and 114 the for loop variable i is incremented as ++i. But in ERC20PermitPermissionedMint.sol line number 84, the loop variable i is incremented as i++. Consider keeping the...

6.8 AI score
Exploits: 0

NVD
added 2022/09/23 7:15 p.m., 24 views

CVE-2022-3263

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...

7.8 CVSS, 0.00028 EPSS
Exploits: 0, References: 1

Prion
added 2022/09/23 7:15 p.m., 21 views

Design/Logic Flaw

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...

4.3 CVSS, 7.6 AI score, 0.00028 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/09/23 6:30 p.m., 29 views

CVE-2022-3263 Measuresoft ScadaPro Server Improper Access Control

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...

7.8 CVSS, 7.8 AI score, 0.00028 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2022/09/21 2:19 p.m., 34 views

CVE-2022-40957

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash...

5.8 CVSS, 2.6 AI score, 0.00169 EPSS
Exploits: 0, References: 4