6 matches found
EUVD-2022-25386
Malicious code in bioql PyPI...
CVE-2022-20126
The vulnerability CVE-2022-20126 affects Android (Android-10 to Android-12L) via the Bluetooth stack: in AdapterService.java, setScanMode can enable Bluetooth discovery mode without user interaction due to a missing permission check. This creates local elevation of privilege with user execution p...
ASB-A-203431023
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
Insecure Access Controls
awsencryptionsdkcli does not correctly enforce strict mode. The application operates in discovery mode even when strict mode is specified, allowing various operations within the package which would otherwise be restricted...
GHSA-2XWP-M7MQ-7Q3R CLI does not correctly implement strict mode
In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the...
CLI does not correctly implement strict mode
In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the...