AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.

Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...

CVE-2023-47102

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid...

Code injection

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid...

CVE-2023-32839

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576...

CVE-2023-32839

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576...

CVE-2023-32838

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805...

Design/Logic Flaw

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

CVE-2023-20247

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid...

Cisco Firepower Management Center Software Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...

PT-2023-7570 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is due to insufficient validation of user-supplied input for certain configuration options in the web management interface. An authenticated...

SUSE CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

PT-2023-7129 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to a lack of rate-limiting of requests sent to a specific API related to an FMC log, which could allow an unauthenticated, remote...

Invalid asset address can result to malicious Market Address and loss of fund

Lines of code Vulnerability details Impact The computeMarketAddress function is used to calculate the address where a market contract for a specific asset would be deployed. If an invalid asset address is passed, it could potentially lead to a collision with a valid market contract address, causi...

CVE-2022-4531

Rejected reason: Not a valid vulnerability...

GHSA-7P92-X423-VWJ6 Plonk verifier KZG multi point verification

Impact The vulnerability allows a third party to derive a valid proof from a valid initial tuple proof, publicinputs, corresponding to the same public inputs as the initial proof. It is due to a randomness being generated using a small part of the scratch memory describing the state, allowing for...

All VDAs reported as Power State Unknown in Studio

Connectivity is lost to the hypervisor and all VDAs show a power state unknown within the studio. The hosting connection test runs successfully Host Connection credentials are valid andnew machines can be created New machines are in power state unknown as well...

CVE-2023-41094 Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3...

CVE-2023-4097

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username...

Unrestricted file upload

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username...

GHSA-V834-RHV4-65M3 static-server Path Traversal vulnerability

All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...