Binary 资源管理错误漏洞

Binary is a library by the individual developers of gagliardetto. It is used for encoding/decoding Borsh and other formats. A security vulnerability exists in Binary versions prior to 0.7.1. An attacker exploited the vulnerability to allocate slices in memory with arbitrarily oversized values,...

CVE-2022-20335

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20335

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20335

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Privilege escalation

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20335

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20335

CVE-2022-20335 (Android 13) affects the Wifi Slice component where a missing permission check allows an attacker to adjust Wi‑Fi settings, enabling local escalation of privilege with no user interaction required. Root cause: insufficient permission validation in the Wifi Slice flow. Impact: local...

PT-2022-14561 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to Android-13 Description: In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. This could lead to local escalation of privilege...

GLSA-202208-02 : Go: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-02 Go: Multiple Vulnerabilities - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. CVE-2020-28366 - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. CVE-2020-28367 - encoding/xml in Go...

[SECURITY] Fedora 36 Update: go-bindata-3.0.7-23.gita0ff256.fc36

A small utility which generates Go code from any file This tool converts any file into managable Go source code. Useful for embedding binary data into a go program. The file data is optionally gzip compressed before being converted to a raw byte slice...

[SECURITY] Fedora 36 Update: go-bindata-3.0.7-22.gita0ff256.fc36

A small utility which generates Go code from any file This tool converts any file into managable Go source code. Useful for embedding binary data into a go program. The file data is optionally gzip compressed before being converted to a raw byte slice...

FFmpeg decode_slice_header() function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in the FFmpeg decodesliceheader function, which can be exploited by an attacker to cause a denial of service attack...

UBUNTU-CVE-2014-125019

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decodenalunit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix thi...

CVE-2014-125019 FFmpeg Slice Segment decode_nal_unit memory corruption

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decodenalunit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix thi...

FFmpeg 缓冲区错误漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in the FFmpeg decodesliceheader function, which can be exploited by an attacker to cause a denial of service attack...

CVE-2014-125010 FFmpeg h64.c decode_slice_header memory corruption

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decodesliceheader of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue...

FFmpeg 缓冲区错误漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in the FFmpeg decodesliceheader function, which can be exploited by an attacker to trigger an out-of-bounds read memory access...

Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

GHSA-34HF-G744-JW64 i18n Vulnerable to Denial of Service Attack

Hashslice in lib/i18n/coreext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service application crash via a call in a situation where :somekey is present in keepkeys but not present in the hash...