CVE-2022-42521

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Out-of-bounds

In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Out-of-bounds

In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Out-of-bounds

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Out-of-bounds

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-42510

CVE-2022-42510 involves the Android kernel component where the function is StringsRequestData::encode in requestdata.cpp. The root cause is an out-of-bounds read caused by improper input validation, which could enable a local escalation of privilege with System execution privileges required. Expl...

PT-2022-26472 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the EmbmsSessionData::encode function due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privileges...

CVE-2022-42511

CVE-2022-42511 affects EmbmsSessionData::encode in embmsdata.cpp. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required. User interaction is not needed. The available documents consistently describe ...

PT-2022-26469 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the CallDialReqData::encode function of callreqdata.cpp due to a missing bounds check. This could lead to local escalation of privilege with System executio...

PT-2022-26483 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the wlandata.cpp encode due to improper input validation. This could lead to local escalation of privilege, with System execution privileges required for...

Server-side Request Forgery (SSRF)

cxf-core is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to the lack of URL encode in MTOM content-id, which allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type through the href attribute of XOP:Include...

CVE-2022-23495

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

Input validation

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

CVE-2022-23495

CVE-2022-23495 concerns go-merkledag where a modified or decoded ProtoNode can be placed into an unencodeable form, causing encode errors that panic on calls that do not return errors. This behavior is tied to the DAGService/IPLD node handling and may be triggered by inputs using a non-validated ...

CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

go-merkledag's ProtoNode may be modified such that common method calls may panic

Impact A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error fro...

GHSA-X39J-H85H-3F46 go-merkledag's ProtoNode may be modified such that common method calls may panic

Impact A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error fro...

XSS to LFI in Runcode Feature

Description By default runcode santized document prefix but if html encode to...

GSD-2022-1006970 usb: gadget: uvc: fix sg handling during video encode

usb: gadget: uvc: fix sg handling during video encode This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.77 by commit...