JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

DNP3 Link Layer Brute Force Addressing Disclosure

The DNP3 protocol is a multi-layer protocol that begins with a link layer connection. The DNP3 link layer address is required to establish a link layer connection. The DNP3 link layer address for the host was easily guessed, and a valid DNP3 link layer connection was established. If a link...

OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not...

Denial of service of Minder Server with attacker-controlled REST endpoint

The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends.....

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec...

Temporal Server Denial of Service in go.temporal.io/server

Temporal Server Denial of Service in...

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

MSSQL Login Utility

This module simply queries the MSSQL instance for a specific user/pass (default is sa with...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228! The current program remove the class...

CVE-2023-27152

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass...

Moodle CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

read&write private files of apps without any permission

In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Auto] [Bluetooth] Heap OOB write of 0x00 in SDP_AddAttribute

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...

Denial Of Service (DoS)

libfrr.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient handling of NULL return values when calling functions in the get_edge() function within ospf_te.c in the OSPF daemon, resulting in a crash of the daemon and subsequent denial of...

CVE-2024-28833 Missing brute-force protection for two factor authentication

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor...

Exploit for Improper Restriction of Excessive Authentication Attempts in Lexmark B2236 Firmware

PoC for CVE-2023-22960...

Time-of-check time-of-use race condition in github.com/containers/podman/v4

A Time-of-check Time-of-use (TOCTOU) flaw appears in this version of podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...

CVE-2023-2974

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS...

Mishandling of corrupt central directory record in archive/zip

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network...

CVE-2024-28833 Missing brute-force protection for two factor authentication

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor...

Cisco Firepower Management Center Software Object Group Access Control List Bypass (cisco-sa-fmc-object-bypass-fTH8tDjq)

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

Reading contacts of other users using emergency contact settings

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Bypass of device carrier restrictions (OS Version = android 12)

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[KASAN: slab-out-of-bounds in emulation_proc_handler+0x17c/0x1c8]

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...

Gitea allowed assignment of private issues in code.gitea.io/gitea

Gitea allowed assignment of private issues in...

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

[Out of Bounds Read in BNEP_ConnectResp Function in bnep_api.cc in BluetoothOut of Bounds Read in BNEP_ConnectResp Function in bnep_api.cc in BluetoothOut of Bounds Read in BNEP_ConnectResp Function in bnep_api.cc in Bluetooth]

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...

ReadToMyShoe - Generation of Error Message Containing Sensitive Information

ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...

gqlparser denial of service vulnerability via the parserDirectives function

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-honeypot-flask Internal network honeypot for detecting...

ansible: Fix of CVE-2023-5764

CVE-2023-5764: avoid evaluate unsafe...

VMware Carbon Black Cloud Endpoint Standard Installed (Windows)

VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote Windows...

Exploit for Allocation of Resources Without Limits or Throttling in Apache Http Server

CVE-2024-27316 I decided to call this vulnerability...

Exploit for Cleartext Transmission of Sensitive Information in Securenvoy Multi-Factor Authentication Solutions

securenvoy-cve-2024-37393 RESPONSIBLE DISCLOSURE...

CVE-2024-28825 Brute-force protection ineffective for some login methods

Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password...

[Out of Bounds Write in attp_build_value_cmd in libbt-stack]

In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

Potential Intent Redirection issue in SettingsActivity of Settings app

In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K

CVE-2023-27997 Vulnerability Assessment Tool Safely detect...

VMware Carbon Black Cloud Endpoint Standard Installed (macOS)

VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote macOS...

Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)

zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames (Clickjacking). The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...

Denial of Service in dhowden/tag

dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows panic: runtime error: index out of range via...

Denial of Service in dhowden/tag

dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows panic: runtime error: index out of range via...

zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

Use Of Cryptographically Weak Pseudo-Random Number Generator

stormpath/sdk is vulnerable to Use Of Cryptographically Weak Pseudo-Random Number Generator. This vulnerability is due to an insecure generation of UUID version...