22 matches found
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2024-44551
Malicious code in bioql PyPI...
CVE-2019-11765
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...
Mozilla Firefox for Android Security Bypass Vulnerability (CNVD-2024-36716)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox for Android, which is caused due to a selection option that obscures security prompts. An attacker could exploit the vulnerability to trick use...
SUSE CVE-2024-2611
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Input validation
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction...
CVE-2024-20837
Samsung Internet prior to version 24.0.0.41 contains an issue in how it grants permissions for Trusted Web Activities (TWAs). The vulnerability arises from improper handling of permission grants, enabling local attackers to grant permissions to their own TWA WebApps without user interaction. Affe...
IBM FileNet Content Manager Privilege Permission and Access Control Issues Vulnerability
IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from International Business Machines (IBM). The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. IBM FileNet Content...
IBM FileNet Content Manager Permissions, Privileges and Access Control Issues Vulnerability
IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from International Business Machines (IBM). The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. IBM FileNet Content...
CVE-2024-0750
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Mozilla: Potential permissions request bypass via clickjacking
The Mozilla Foundation Security Advisory describes this flaw as: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions...
Debian dla-3417 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3417 advisory. Debian LTS Advisory DLA-3417-1...
CVE-2023-28668
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fae51 and earlier grants permissions even after they've been disabled...
Design/Logic Flaw
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
PT-2022-14666 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a tapjacking/overlay attack in the ReviewPermissionsActivity.java file. This could allow granting permissions for a separate app on devices with API level le...
Mozilla Firefox Privilege Permission and Access Control Issues Vulnerability (CNVD-2023-59955)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a Permission Granting and Access Control Issue vulnerability that stems from improper management of permissions in the application. An attacker could exploit the...
[WP-H4] Initializer of QuantConfig.sol can rug users
Lines of code Vulnerability details function initializeaddress payable timelockController public override initializer require timelockController != address0, "QuantConfig: invalid TimelockController address" ; AccessControlinit; Ownableinitunchained; setupRoleDEFAULTADMINROLE, msgSender;...
GaussDB Kernel: Enabling the Auditing of Permission Granting and Revoking
The parameter audit_grant_revoke specifies whether to audit the permissions granted to and revoked from database users. After this parameter is set to on, database account permissions are traced. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced...
openGauss: Enabling the Auditing of Permission Granting and Revoking
The parameter audit_grant_revoke specifies whether to audit the permissions granted to and revoked from database users. After this parameter is set to on, database account permissions are traced. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced...
The vulnerability of the Sumac utility component, related to the lack of mechanisms for granting permissions, privileges, and controlling access, allows a violator to trigger the octath service.
The vulnerability of the Sumac utility component is related to the lack of mechanisms for granting permissions, privileges, and managing access control. Exploiting this vulnerability could allow a perpetrator to trigger the octath service...