19 matches found
EUVD-2026-36084
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
EUVD-2024-41428
Malicious code in bioql PyPI...
CVE-2024-45304
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
Repository Takeover
github.com/go-vela/server is vulnerable to Repository Takeover. The vulnerability is due to improper validation of webhook headers and body data, allowing an attacker to forge requests and transfer repository ownership along with its secrets...
Netsweeper Security Vulnerability
Netsweeper is a web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper v.8.2.6 and prior versions that stems from a lack of server-side authentication in the account management interface, which could lead to unauthorized reassignment of account...
CVE-2024-45304
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
CVE-2024-45304 OwnableTwoStep allows a pending owner to accept ownership after the original owner has renounced ownership in cairo-contracts
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintend...
Design/Logic Flaw
A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be...
Code injection
Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page...
Anyone can burn/steal other users' wrapped follow NFTs
Lines of code. Vulnerability details. Impact: Anyone can unwrap any follow NFT. Attackers can steal follows by burning them. Owners lose their follows without consent. Proof of Concept: The lack of ownership check in the unwrap function creates a vulnerability where anyone can unwrap and steal a follow...
No way of transferring Ownership/Wrong use of Interface
Lines of code. Vulnerability details. Impact: From my understanding, there is no way to change the owner, which can lead to funds being stuck if an AMM and governance change/upgrade is required. There is risk if the owner keys get compromised - also there is no progressive security if you can't chang...
Security Bulletin: SONAS Fix Available for Incorrect Permission Checks when Granting/Removing Privilege (CVE-2012-2111)
Abstract: SONAS includes a version of Samba that is affected by a vulnerability that allows a user to take ownership of files and directories that they do not own. Content: VULNERABILITY DETAILS: CVE ID: CVE-2012-2111. DESCRIPTION: An error in the Remote Procedure Call (RPC) code in Samba results in a...
BTC2X has an unspecified vulnerability
BTC2X (B2X) is an application. The smart contract implements its own functionality, a tradable Ether ERC20 token with unprotected ownership, which allows anyone to become the owner of the contract, including the recipient. There is a security vulnerability in BTC2X that could be exploited by an...
Design/Logic Flaw
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free...
CVE-2018-19831
The ToOwner function of a smart contract implementation for Cryptbond Network (CBN), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity...
CVE-2018-19832
The NETM function of a smart contract implementation for NewIntelTechMedia (NETM), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity...
CVE-2010-1161
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files...