914 matches found
EulerOS Virtualization 2.10.0 : perl-Encode (EulerOS-SA-2022-2878)
According to the versions of the perl-Encode package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLoca...
EulerOS Virtualization 2.10.1 : perl-Encode (EulerOS-SA-2022-2896)
According to the versions of the perl-Encode package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLoca...
GO-2022-1155 Panic in github.com/ipfs/go-merkledag
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. Additionally, use of the ProtoNode.SetCidBuilder method to set a non-functioning CidBuilder such as one that refers to a multihash where ...
CVE-2022-42521
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
Out-of-bounds
In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...
Out-of-bounds
In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...
Out-of-bounds
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
Out-of-bounds
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2022-42510
CVE-2022-42510 involves the Android kernel component where the function is StringsRequestData::encode in requestdata.cpp. The root cause is an out-of-bounds read caused by improper input validation, which could enable a local escalation of privilege with System execution privileges required. Expl...
PT-2022-26472 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to a possible out of bounds write in the EmbmsSessionData::encode function due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privileges...
CVE-2022-42511
CVE-2022-42511 affects EmbmsSessionData::encode in embmsdata.cpp. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required. User interaction is not needed. The available documents consistently describe ...
PT-2022-26469 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to a possible out of bounds write in the CallDialReqData::encode function of callreqdata.cpp due to a missing bounds check. This could lead to local escalation of privilege with System executio...
PT-2022-26483 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to a possible out of bounds write in the encode function of wlandata.cpp due to improper input validation. This could lead to local escalation of privilege, with System execution privileges required for...
Server-side Request Forgery (SSRF)
cxf-core is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists due to the lack of URL encoding in the MTOM content-id, which allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type through the href attribute of XOP:Include...
CVE-2022-23495
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
Input validation
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...
CVE-2022-23495
CVE-2022-23495 concerns go-merkledag where a modified or decoded ProtoNode can be placed into an unencodeable form, causing encode errors that panic on calls that do not return errors. This behavior is tied to the DAGService/IPLD node handling and may be triggered by inputs using a non-validated ...
go-merkledag's ProtoNode may be modified such that common method calls may panic
Impact: A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB; attempting to encode invalid DAG-PB forms will result in an error fro...