1115 matches found
CVE-2022-40210
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
okhttp: information disclosure via improperly used cryptographic function
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...
Intel DCM software security vulnerability
Intel DCM software is an application from Intel Corporation USA. A security vulnerability exists in Intel DCM software prior to version 5.0.1 that originates from exposing data elements to the wrong session, which could allow an authenticated user to potentially enable privilege escalation via...
PT-2023-13771 · Intel · Intel Dcm
Name of the Vulnerable Software and Affected Versions: Intel DCM software versions prior to 5.0.1 Description: The issue concerns the exposure of a data element to the wrong session, potentially allowing an authenticated user to escalate privileges via local access. Recommendations: For versions...
UNISOC Chipsets security vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in the UNISOC Chipsets soter service module, which stems from a lack of boundary checking, resulting in out-of-bounds writes...
Race Condition
audited is vulnerable to a Race Condition. The vulnerability exists in the store function of audited.rb as it can incorrectly attribute audits to the wrong user because of the usage of Thread.current...
Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation.
Lines of code Vulnerability details Impact Users can avoid getting their queuedWithdrawal slashed because of the wrong implementation. Proof of Concept Let's take a look at the following code snippet from StrategyManagerslashQueuedWithdrawal. // keeps track of the index in the indicesToSkip array...
Race Condition leading to logging errors
In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attribute audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different...
Exposure of Resource to Wrong Sphere
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere by loading a binary from an insecure hardcoded S3 bucket URL, which was demonstrated by an ethical hacker to be susceptible to takeover by malicious...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the raw_call with revert_on_failure=False and max_outsize=0 receives the wrong response from raw_call. Depending on the...
Medium: curl
Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...
Remote code execution
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
XWiki Platform access control error vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from XWiki France. An Access Control Error vulnerability exists in XWiki Platform, which arises if a guest has view rights to any document. It is possible to use distribution/firstadminuser.wiki to create a ne...
Mozilla: Incorrect optimization result on ARM64
The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result...