Vulnerabilities > Incorrect Comparison
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-50940 | Incorrect Comparison vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 9.8 |
| 2024-01-24 | CVE-2024-23903 | Incorrect Comparison vulnerability in Jenkins Github Branch Source Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2023-12-12 | CVE-2023-49994 | Incorrect Comparison vulnerability in Espeak-Ng 1.52 Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. | 5.5 |
| 2023-10-25 | CVE-2023-46656 | Incorrect Comparison vulnerability in Jenkins Multibranch Scan Webhook Trigger Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2023-10-25 | CVE-2023-46657 | Incorrect Comparison vulnerability in Jenkins Gogs Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2023-10-25 | CVE-2023-46658 | Incorrect Comparison vulnerability in Jenkins Msteams Webhook Trigger 0.1.0/0.1.1 Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2023-10-25 | CVE-2023-46660 | Incorrect Comparison vulnerability in Jenkins Zanata Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2023-10-18 | CVE-2023-46009 | Incorrect Comparison vulnerability in Lcdf Gifsicle 1.94 gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. | 7.8 |
| 2023-10-12 | CVE-2023-45133 | Incorrect Comparison vulnerability in multiple products Babel is a compiler for writingJavaScript. | 8.8 |
| 2023-09-25 | CVE-2015-6964 | Incorrect Comparison vulnerability in Multibit HD MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. | 5.3 |