Vulnerabilities > Incorrect Comparison
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-06 | CVE-2024-9681 | Incorrect Comparison vulnerability in Haxx Curl: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl-using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. | 6.5 |
2024-09-18 | CVE-2024-6641 | Incorrect Comparison vulnerability in Getastra WP Hardening: The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. | 5.3 |
2024-08-20 | CVE-2024-41657 | Incorrect Comparison vulnerability in Casbin Casdoor: Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. | 8.8 |
2024-08-01 | CVE-2024-32862 | Incorrect Comparison vulnerability in Johnsoncontrols Exacqvision web Service 20.06.11.0/20.06.3.0/21.03: Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. | 8.1 |
2024-07-25 | CVE-2024-24621 | Incorrect Comparison vulnerability in Softaculous Webuzo: Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. | 9.8 |
2024-07-10 | CVE-2024-5217 | Incorrect Comparison vulnerability in Servicenow Utah/Vancouver: ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. | 9.8 |
2024-07-08 | CVE-2024-39742 | Incorrect Comparison vulnerability in IBM MQ Operator: IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
2024-06-28 | CVE-2024-38522 | Incorrect Comparison vulnerability in Hushline Hush Line: Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. | 6.3 |
2024-05-14 | CVE-2024-34340 | Incorrect Comparison vulnerability in multiple products: Cacti provides an operational monitoring and fault management framework. | 9.1 |
2024-02-06 | CVE-2023-45213 | Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24: A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 6.5 |