151 matches found
CVE-2024-1313
CVE-2024-1313 is confirmed with concrete details in connected docs: Grafana versions affected are 9.5.0–9.5.17, 10.0.0–10.0.12, 10.1.0–10.1.8, 10.2.0–10.2.5, and 10.3.0–10.3.4. The issue is an authorization bypass allowing a user from a different organization to delete a snapshot by sending DELET...
BIT-TENSORFLOW-2021-37686 Infinite loop in TensorFlow Lite
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...
MGASA-2024-0035 Updated xpdf packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. CVE-2022-30524 Integer overflow in rasterizer. CVE-2022-30775 PDF object loop in Catalog::countPageTree. CVE-2022-33108 PDF object loop in AcroForm::scanField. CVE-2022-36561 Logic bug in...
GHSA-7G9J-G5JG-3VV3 Unauthenticated Nonce Increment in snow
Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...
Unauthenticated Nonce Increment in snow
Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...
RUSTSEC-2024-0011 Unauthenticated Nonce Increment in snow
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...
AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.
Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...
AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.
Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...
Exploit for Code Injection in Apache Commons_Text
Quickstart bash sudo apt install golang To run like...
Use of timestamp for comparisons
Lines of code Vulnerability details Impact The timestamp in use can be manipulated causing a logic bug in the checks performed Proof of Concept Tools Used slither Recommended Mitigation Steps use random number generation --- The text was updated successfully, but these errors were encountered: Al...
K10522033: Intel CSME and TXE vulnerability CVE-2019-0098
Security Advisory Description Logic bug vulnerability in subsystem for IntelR CSME before version 12.0.35, IntelR TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0098 Impact An attacker with physical access to...
SUSE CVE-2022-24949
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...
Mozilla Firefox Security Advisories (MFSA2022-54, MFSA2023-02) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...
CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...
Authentication flaw
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...
CVE-2022-4779
CVE-2022-4779 concerns StreamX applications (versions 6.02.01–6.04.34) with the StreamView HTML component when the public web server feature is enabled. A logic bug allows bypassing the implemented authentication scheme, exposing potentially unauthenticated access. Affected components and root ca...
CVE-2022-4779 authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...
CVE-2022-24949
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...
Race condition
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...