10 matches found
UBUNTU-CVE-2025-32697
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki:...
DAOs can be permanently locked due to insufficient parameter validation in _grantWithCondition()
Lines of code https://github.com/code-423n4/2023-03-aragon/blob/4db573870aa4e1f40a3381cdd4ec006222e471fe/packages/contracts/src/core/permission/PermissionManager.sol#L312 Vulnerability details Impact It is possible to set the condition contract to an EOA when granting permission with a condition th...
function applyTargetPermissions() from PermissionManager.sol should use external grant function instead of internal function
Lines of code Vulnerability details Summary applySingleTargetPermissions and applyMultiTargetPermissions use the internal functions grant, revoke, grantWithCondition in a loop. Each of these internal functions has an external function grant, revoke, grantWithCondition that does the same thing with extra step...
DAO.sol auth() for ROOT_PERMISSION_ID should not need to depend on hidden IPermissionCondition _auth() from PermissionManager.sol
Lines of code Vulnerability details Summary The PermissionManager.sol auth modifier passes along msg.data from all functions, which is really out of place. There is little reason to pass along more unused data than necessary. It is reasonable to expect ROOT_PERMISSION_ID and other DAO executive role controlled by...
Google Android Information Disclosure Vulnerability (CNVD-2023-12018)
Google Android is a free and open source operating system based on the Linux kernel without GNU components. An information disclosure vulnerability exists in revokeOwnPermissionsOnKill in PermissionManager.java in Google Android version 13.0, which stems from the program not properly checking que...
CVE-2022-20559
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...
CVE-2022-20559
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...
Information disclosure
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...
CVE-2022-20559
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...
BuildEdgeIndexServlet XSRF
The BuildEdgeIndexServlet is responsible for rebuilding the edge index. As this is a servlet and not a Webwork action, XSRF checks must be implemented programmatically. The Servlet does not currently implement any XSRF token checks, meaning the edge index can be forced to be rebuilt when attacked...