Vulnerabilities > Incorrect Comparison

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-45133 Incorrect Comparison vulnerability in multiple products
Babel is a compiler for writing JavaScript.
local
low complexity
debian babeljs CWE-697
8.8
2023-10-09 CVE-2023-44378 Incorrect Comparison vulnerability in Consensys Gnark
gnark is a zk-SNARK library that offers a high-level API to design circuits.
local
low complexity
consensys CWE-697
5.5
2023-09-25 CVE-2015-6964 Incorrect Comparison vulnerability in Multibit HD
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers.
network
low complexity
multibit CWE-697
5.3
2023-09-22 CVE-2023-23766 Incorrect Comparison vulnerability in Github Enterprise Server
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request.
network
low complexity
github CWE-697
6.5
2023-09-13 CVE-2023-23840 Incorrect Comparison vulnerability in Solarwinds Orion Platform
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability.
network
low complexity
solarwinds CWE-697
7.2
2023-09-13 CVE-2023-23845 Incorrect Comparison vulnerability in Solarwinds Orion Platform
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability.
network
low complexity
solarwinds CWE-697
7.2
2023-09-08 CVE-2023-40271 Incorrect Comparison vulnerability in ARM Trusted Firmware-M
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic.
network
low complexity
arm CWE-697
7.5
2023-09-06 CVE-2023-41935 Incorrect Comparison vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
network
low complexity
jenkins CWE-697
7.5
2023-09-06 CVE-2023-41936 Incorrect Comparison vulnerability in Jenkins Google Login
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.
network
low complexity
jenkins CWE-697
7.5
2023-08-30 CVE-2023-23765 Incorrect Comparison vulnerability in Github Enterprise Server
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request.
network
low complexity
github CWE-697
6.5