153 matches found
Unbounded loop in _removeNft could lead to a griefing/DOS attack
Handle shw Vulnerability details Impact Griefing/DOS attack is possible when a malicious NFT contract sends many NFTs to the vault, which could cause excessive gas consumed and even transactions reverted when other users are trying to unlock or transfer NFTs. Proof of Concept 1. The function...
Mozilla Thunderbird 安全漏洞
Mozilla Thunderbird is a set of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. Mozilla Thunderbird has a security vulnerability that could be exploited by attackers to perform operations on unlocked keys without having to unlock them...
SUSE-SU-2021:1029-1 Security update for gssproxy
This update for gssproxy fixes the following issues: - CVE-2020-12658: Fixed an issue where gssproxy was not unlocking condmutex before pthread exit in gpworkermain bsc1180515...
Snapchat: CSRF when unlocking lenses leads to lenses being forcefully installed without user interaction
Hi, The url below allows a user to unlock a particular lens. Once they have opened the URL on their phone, Snapchat opens up and prompts the user to unlock this lens. https://www.snapchat.com/unlock/?type=SNAPCODE&uuid=6ff5a565fca249a1948b1963ee2881b4&metadata=01 By changing the value of type in...
Rust Security Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in rusqlite crate before 0.23.0 for Rust, which stems from a memory safety violation that can be exploited via unlocking...
US Schools Are Buying Cell Phone Unlocking Systems
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial...
Tesla Model X Data Falsification Issue Vulnerability
Tesla The Tesla Model X is a new energy vehicle from the American company Tesla. Tesla Model X vehicles versions prior to 2020-11-23 suffer from a security vulnerability that stems from having critical fobs that can accept firmware updates without signature verification.This allows an attacker to...
GaussDB Kernel: Configuring the Automatic Account Unlocking Time
Configure the automatic account unlocking time for locked abnormal accounts. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
GaussDB Kernel: Enabling the Auditing of Database Locking and Unlocking
The parameter audituserlocked specifies whether to audit the locking and unlocking of database users. After this parameter is set to on, the locking status of database accounts is traced. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources,...
openGauss: Enabling the Auditing of Database Locking and Unlocking
The parameter audituserlocked specifies whether to audit the locking and unlocking of database users. After this parameter is set to on, the locking status of database accounts is traced. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources,...
openGauss: Configuring the Automatic Account Unlocking Time
Configure the automatic account unlocking time for locked abnormal accounts. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...
Huawei Honor 9X License Issue Vulnerability
Huawei Honor 9X is a smartphone from Chinese company Huawei Huawei. An authorization issue vulnerability exists in the handling of the Alarm Clock feature in previous versions of Huawei Honor 9X 9.1.1.172 C00E170R8P1. An attacker can exploit the vulnerability with the help of a specially crafted...
Samsung Mobile Device Input Validation Error Vulnerability (CNVD-2020-33791)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An input validation error vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to enable OEM unlocking on KG-registered devices and download custom...
How AT&T Insiders Were Bribed to 'Unlock' Millions of Phones
One cybersecurity threat that’s proven difficult for wireless carriers to combat? Their own employees...
Cellebrite Now Says It Can Unlock Any iPhone for Cops
In a strangely public product announcement, the phone-cracking firm revealed a powerful new device...
Authentication flaw
The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking...
Android Security Bulletin—April 2019Stay organized with collectionsSave and categorize content based on your preferences.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-04-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Pixel Update Bulletin—April 2019Stay organized with collectionsSave and categorize content based on your preferences.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel devices Google devices. For Google devices, security patch levels of 2019-04-05 or later address all issues in this bulletin and all issues in the April 2019 Android...
FreeBSD : X11 Session -- SDDM allows unauthorised unlocking (f00acdec-b59f-11e8-805d-001e2a3f778d)
MITRE reports : An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. The default configuration of SDDM on...