4 matches found
CVE-2026-2330 CVE-2026-2330
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could...
Deposit whitelist enforced on msg.sender instead of user
Handle 0xRajeev Vulnerability details Impact The Treasury deposit function credits amount to the user address in parameter instead of the msgSender that is actually making the deposit whose rationale as explained in the Natspec comment is that this may be called via contract or L1-L2 bot. However...
PT-2021-5145 · Xstream +5 · Xstream +5
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the XStream Java library, which is used for serializing objects to XML and back again. It may allow a remote attacker to load and execute arbitrary code from a remote host ...
CVE-2011-2370
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a 1 add-on or 2 theme via unspecified vectors...