Tandoor Recipes Security Vulnerability
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the function CustomIsShared.hasobjectpermission, which...
EUVD-2022-39561
Malicious code in bioql PyPI...
CVE-2022-36861
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
CVE-2024-7296
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...
BIT-GITLAB-2024-7296 Incorrect Authorization in GitLab
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...
CVE-2024-7296
GitLab EE contains CVE-2024-7296: affected releases are 16.5 up to 17.7.7, 17.8 up to 17.8.5, and 17.9 up to 17.9.2. A user with a custom permission could approve pending membership requests beyond the configured cap, potentially granting access beyond allowed users. This is described across mult...
Gitlab -- Vulnerabilities
Gitlab reports: A CSP-bypass XSS in merge-request page; Denial of Service due to Unbounded Symbol Creation; Exfiltrate content from private issues using Prompt Injection; A custom permission may allow overriding Repository settings; Internal HTTP header leak via route confusion in workhorse; SSRF via...
Privilege escalation
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege...
CVE-2022-36861
CVE-2022-36861 affects Samsung SystemUI prior to SMR Sep-2022 Release 1. It is described as a custom permission misuse that lets an attacker use some protected functions with SystemUI privilege. Root cause: misuse of a custom permission in SystemUI. Impact: potential elevation of privileges withi...
PT-2022-23665 · Systemui · Systemui
Name of the Vulnerable Software and Affected Versions: SystemUI versions prior to SMR Sep-2022 Release 1 Description: The issue concerns a custom permission misuse vulnerability. This vulnerability allows an attacker to use some protected functions with SystemUI privilege. Recommendations: For...
CVE-2019-2200
In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...