240 matches found
The onlyProfileOwnerOrDelegatedExecutor and whenNotPaused checks can be bypassed
Lines of code Vulnerability details Impact The LensHub.sol functions setProfileMetadataURI, setProfileMetadataURIWithSig, setFollowModule, setFollowModuleWithSig, collect, collectWithSig, act, actWithSig, setProfileImageURI, setProfileImageURIWithSig and others use...
Stealing excess tokens from other users by either front-running skim function or calling it before legitimate user
Lines of code Vulnerability details Impact File /src/interfaces/IWell.sol comment's defines what the skim function is being responsible for: / @notice Sends excess tokens held by the Well to the recipient. @param recipient The address to send the tokens @return skimAmounts The amount of each toke...
CVE-2023-21172
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21172
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21172
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Design/Logic Flaw
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Google Pixel 安全漏洞
Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that stems from a privilege bypass in multiple functions of the WifiCallingSettings.java file, with a possible way to change the calling preferences of an administrator user...
CVE-2023-21172
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-34155
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...
CVE-2023-34155
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...
CVE-2023-34155
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...
Design/Logic Flaw
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...
CVE-2023-34155
CVE-2023-34155 pertains to Huawei devices (phones/tablets) and is described as a vulnerability in unauthorized calling that can affect availability. The connected sources indicate the issue arises from an incorrect clearance or release of resources in the HarmonyOS/EMUI shell used on Huawei devic...
CVE-2023-34155
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...
CVE-2023-25752
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
CVE-2023-33717
mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes had allocated memory but did not catch exceptions thrown by ReadBytes...
CVE-2023-31227
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...
Design/Logic Flaw
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...
CVE-2023-31227
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...
CVE-2023-31227
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...