530 matches found
SUSE CVE-2019-5799
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page...
SUSE CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...
SUSE CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
SUSE CVE-2022-38473
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...
Possiblity of storage collision
Lines of code Vulnerability details Impact There is a possibility of storage collision, when you upgrade the implementation contract in the . This could happen because the storage in the smart contract is stored the storage value from the left to the right, and if you add a new var to the storage...
CVE-2022-38473
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...
DEBIAN-CVE-2022-29909
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
CVE-2022-29909
CVE-2022-29909 is a Firefox/Thunderbird vulnerability described as privilege escalation via deeply-nested cross-origin browsing contexts that could inherit top-level permissions. Affected products and versions from connected advisories: Thunderbird < 91.9 and Firefox (including ESR)
Upgraded Q -> M from #107 [1668211909800]
Judge has assessed an item in Issue 107 as M risk. The relevant finding follows: L-01 WardenPledge inherits Ownable instead of Owner The contract imports Owner.sol but inherits Ownable - should both import and inherit Owner --- The text was updated successfully, but these errors were encountered:...
OpenZeppelin ๅฎๅ จๆผๆด
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions 3.2.0 and later through 4.4.1 and earlier, which stems from an exception set to support multiple inheritance that breaks the expectation of a...
operator role it's handled in a way that can damage the protocol
Lines of code Vulnerability details operator role it's handled in a way that can damage the protocol Impact Same logic is being deployed several times, for maintainability is hardly recommended to not copy paste same logic many times but inherit it. Also there is an issue in BorrowController with...
Multiple storage slot collisions between versions - due to different order in declaration
Lines of code Vulnerability details Impact If we list the sequence of how variables receive slots, we will see the failure to follow "append-only" principle. Many variable added "in-between" V2 version can read/write wrong slots. Proof of Concept Here is the table/list of variable, built taking...
Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...
CVE-2022-38473
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...
Lack of storage gap for upgradable contracts
Lines of code Vulnerability details Impact Safe usage of upgradable contract should include a storage gap to allow the addition of new state. OpenZeppelin docs Proof of Concept The following contracts on the project are using upgradable contracts from OpenZeppelin. File: contracts/Community.sol...
State Variable Shadowing
Lines of code Vulnerability details Impact Check: shadowing-state Severity: High Confidence: High It is possible to use the same variable twice in Solidity, but it can lead to unintended side effects.The TestAllowance.sol contract inherits from TesTBaseWorkflow.sol. In the TestAllowance.sol...
CVE-2022-33996
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user...
Devolutions Server ๅฎๅ จๆผๆด
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions prior to 2022.2 that stems from incorrect privilege management. An attacker could exploit the...
Jenkins Project Inheritance Plugin่ทจ็ซ่ๆฌๆผๆด
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
GHSA-3HX4-285W-V6MM Jenkins Project Inheritance Plugin vulnerable to cross site scripting
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...