Lucene search
K

240 matches found

Code423n4
Code423n4
added 2023/07/31 12:0 a.m.9 views

The onlyProfileOwnerOrDelegatedExecutor and whenNotPaused checks can be bypassed

Lines of code Vulnerability details Impact The LensHub.sol functions setProfileMetadataURI, setProfileMetadataURIWithSig, setFollowModule, setFollowModuleWithSig, collect, collectWithSig, act, actWithSig, setProfileImageURI, setProfileImageURIWithSig and others use...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/09 12:0 a.m.11 views

Stealing excess tokens from other users by either front-running skim function or calling it before legitimate user

Lines of code Vulnerability details Impact File /src/interfaces/IWell.sol comment's defines what the skim function is being responsible for: / @notice Sends excess tokens held by the Well to the recipient. @param recipient The address to send the tokens @return skimAmounts The amount of each toke...

6.8AI score
Exploits0
NVD
NVD
added 2023/06/28 6:15 p.m.14 views

CVE-2023-21172

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.8AI score0.00097EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/28 6:15 p.m.4 views

CVE-2023-21172

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.1AI score0.00097EPSS
Exploits0References2
OSV
OSV
added 2023/06/28 6:15 p.m.2 views

CVE-2023-21172

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.9AI score0.00097EPSS
Exploits0References1
Prion
Prion
added 2023/06/28 6:15 p.m.19 views

Design/Logic Flaw

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.3CVSS7.7AI score0.00097EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/06/28 12:0 a.m.3 views

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that stems from a privilege bypass in multiple functions of the WifiCallingSettings.java file, with a possible way to change the calling preferences of an administrator user...

7.8CVSS7.4AI score0.00097EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/28 12:0 a.m.9 views

CVE-2023-21172

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.1AI score0.00097EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/19 5:15 p.m.4 views

CVE-2023-34155

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...

7.5CVSS7.1AI score0.00437EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/19 5:15 p.m.3 views

CVE-2023-34155

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2023/06/19 5:15 p.m.29 views

CVE-2023-34155

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...

7.5CVSS7.5AI score0.00437EPSS
Exploits0References1
Prion
Prion
added 2023/06/19 5:15 p.m.31 views

Design/Logic Flaw

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...

5CVSS7.5AI score0.00437EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/19 12:0 a.m.64 views

CVE-2023-34155

CVE-2023-34155 pertains to Huawei devices (phones/tablets) and is described as a vulnerability in unauthorized calling that can affect availability. The connected sources indicate the issue arises from an incorrect clearance or release of resources in the HarmonyOS/EMUI shell used on Huawei devic...

7.5CVSS7.5AI score0.00437EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/19 12:0 a.m.33 views

CVE-2023-34155

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability...

7.7AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2023/06/02 5:15 p.m.15 views

CVE-2023-25752

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

6.5CVSS6.8AI score0.0061EPSS
Exploits0References4
NVD
NVD
added 2023/06/02 12:15 p.m.25 views

CVE-2023-33717

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes had allocated memory but did not catch exceptions thrown by ReadBytes...

5.5CVSS5.4AI score0.00281EPSS
Exploits1References2
NVD
NVD
added 2023/05/26 5:15 p.m.18 views

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...

7.5CVSS7.5AI score0.00373EPSS
Exploits0References1
Prion
Prion
added 2023/05/26 5:15 p.m.19 views

Design/Logic Flaw

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...

5CVSS7.5AI score0.00373EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/26 12:0 a.m.22 views

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...

7.7AI score0.00373EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/26 12:0 a.m.7 views

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality...

6.9AI score0.00373EPSS
Exploits0References1
Rows per page
Query Builder