7471 matches found
CVE-2023-43805
Nexkey (Misskey fork) pre-12.121.9 is vulnerable due to incomplete URL validation, allowing bypass of authentication for access to the job queue dashboard. The issue is fixed in version 12.121.9. As a workaround, operators have used access-blocking measures (e.g., WAF rules like Cloudflare) to mi...
CVE-2023-43793 Misskey allows users to bypass authentication of Bull dashboard
Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds...
Nexkey Authorization Issues Vulnerability
Nexkey is an open source, decentralized social media platform for nexryai individual developers. An authorization issue vulnerability exists in Nexkey versions prior to 12.121.9 that stems from allowing an attacker to bypass authentication to access the job queue dashboard...
CVE-2023-22384
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ)...
Memory corruption
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ)...
CVE-2023-22384
CVE-2023-22384 describes a memory corruption issue in the VR Service when sending data via Fast Message Queue (FMQ). Public records consistently describe the vulnerability as a buffer copy/memory corruption in VR Service related to FMQ data transfer (CVE-2023-22384; Qualcomm bulletins). The conne...
CVE-2023-22384 Buffer Copy Without Checking Size of Input in VR Service
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ)...
CVE-2023-22384 Buffer Copy Without Checking Size of Input in VR Service
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ)...
PT-2023-18476 · Unknown · Vr Service
Name of the Vulnerable Software and Affected Versions: VR Service (affected versions not specified). Description: The issue is related to memory corruption in the VR Service when sending data using the Fast Message Queue (FMQ). Recommendations: At the moment, there is no information about a newer...
VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process
Vulnerability details. Summary: Withdrawals in VotiumStrategy are executed in a queue, since CVX tokens are potentially locked in Convex. However, the implementation fails to consider the case where unlocked assets are already enough to cover the withdrawal, leading to different issues...
PT-2023-30489 · Unknown +1 · Openharmony +1
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.2.1 and prior. Description: The issue is related to a system call function usage error and an mqueue undetected entries vulnerability in the liteos-a kernel. Local attackers can crash the kernel by providing error input...
The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, related to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.
The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor,...
The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, due to the lack of data encryption measures, allows a perpetrator to gain access to confidential information.
The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to the lack of data encryption measures. Exploiting this vulnerability could allow an attacker to gain access to...
The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, related to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.
The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor,...
CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
GHSA-997J-37H7-MHG9 CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41942
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41942
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...