1115 matches found
_normalizeDecimals() Wrong calculation formula
Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept in callOutSignedAndBridge The number of tokens will be converted to 18 decimal when packedData is performed. function callOutSignedAndBridge(bytes calldata params, DepositInput...
Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...
CVE-2023-29241
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...
CVE-2023-32613
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2
WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...
CVE-2023-34114
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access...
Use of wrong Library file directory
Lines of code Vulnerability details Impact Importing the wrong library file path in the Vault Factory contract can pose several risks: Functionality Issues: If you import the wrong library, the functions and features you expect to use may not be available or may behave differently. This can lead ...
notation-go's verification bypass can cause users to verify the wrong artifact
Impact An attacker who controls or compromises a registry can lead a user to verify the wrong artifact. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Workarounds User should use secure and trusted container...
CVE-2023-29548
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...
CVE-2023-29549
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
PT-2023-19041 · Stormshield · Stormshield Endpoint Security
Name of the Vulnerable Software and Affected Versions: Stormshield Endpoint Security versions 2.3.0 through 2.3.2 Description: The issue allows authenticated users to read sensitive information due to incorrect access control. Recommendations: For versions 2.3.0 through 2.3.2, update to a version...
frr security and bug fix update
7.5.1-7.0.1 - Fix POSTIN scriptlet Orabug: 34712485 7.5.1-7 - Resolves: 2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service 7.5.1-6 - Resolves: 1939516 - frr service cannot reload itself, due to executing in the wrong SELinux context 7.5.1-5 -...
CVE-2023-31206
CVE-2023-31206 describes an Exposure of Resource to Wrong Sphere vulnerability affecting Apache InLong versions 1.4.0–1.6.0. The flaw allows an attacker to change the immutable name and type of InLong nodes due to exposure to the wrong sphere. Remediation across sources is to upgrade to InLong 1....
preBorrowHook and preRepayHook can call updateRewardTokenBorrowIndex with old borrowIndex
Lines of code Vulnerability details Impact Under normal circumstances, the user calls VToken.borrow, further calls accrueInterest to update borrowIndex, and then calls preBorrowHook to trigger updateRewardTokenBorrowIndex. But since preBorrowHook is an external function, an attacker can directly...
Oracle Linux 9 : curl (ELSA-2023-2650)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2650 advisory. - fix FTP too eager connection reuse CVE-2023-27535 - fix HTTP multi-header compression denial of service CVE-2023-23916 - smb/telnet: fix use-after-free when...
CVE-2022-40210
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
Privilege escalation
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
okhttp: information disclosure via improperly used cryptographic function
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...