Vulnerabilities > Incorrect Comparison

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2023-45213 Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-697
6.5
2024-02-04 CVE-2015-10129 Incorrect Comparison vulnerability in Samwilson Planet-Freo
A vulnerability was found in planet-freo up to 20150116 and classified as problematic.
network
high complexity
samwilson CWE-697
5.9
2024-02-02 CVE-2023-50940 Incorrect Comparison vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
network
low complexity
ibm CWE-697
critical
9.8
2024-01-24 CVE-2024-23903 Incorrect Comparison vulnerability in Jenkins Github Branch Source
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-12-12 CVE-2023-49994 Incorrect Comparison vulnerability in Espeak-Ng 1.52
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
local
low complexity
espeak-ng CWE-697
5.5
2023-10-25 CVE-2023-46656 Incorrect Comparison vulnerability in Jenkins Multibranch Scan Webhook Trigger
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-25 CVE-2023-46657 Incorrect Comparison vulnerability in Jenkins Gogs
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-25 CVE-2023-46658 Incorrect Comparison vulnerability in Jenkins Msteams Webhook Trigger 0.1.0/0.1.1
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-25 CVE-2023-46660 Incorrect Comparison vulnerability in Jenkins Zanata
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
network
low complexity
jenkins CWE-697
5.3
2023-10-18 CVE-2023-46009 Incorrect Comparison vulnerability in Lcdf Gifsicle 1.94
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.
local
low complexity
lcdf CWE-697
7.8