JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

json-path Out-of-bounds Write vulnerability

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse()...

Generation of Error Message Containing Sensitive Information in zsa

Impact All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit...

Generation of Error Message Containing Sensitive Information in zsa

Impact All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit...

Drupal core Denial of Service

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...

Drupal core Denial of Service

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...

Insufficient Verification Of Data Authenticity

sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker forage the proxy source...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty

CVE-2024-31497 POC This vulnerability exploits the biased...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....

Exploit for Improper Validation of Specified Quantity in Input in Cisco Rv340 Firmware

CVE-2022-20699 🎧...

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2021-22555 pipe version Using pipe-primitive to...

CVE-2024-21652 Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute...

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

Mattermost Server doesn't limit the number of user preferences

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of...

zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

Exposure Of Sensitive Information To An Unauthorized Actor

silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without proper....

OpenSSL -- Denial of Service vulnerability

The OpenSSL project reports: Excessive time spent checking DSA keys and parameters (Low) Checking excessively long DSA keys or parameters may be very ...

Drupal core Denial of Service

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

CVE-2024-21652 Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....

Drupal core Denial of Service

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are...

Exploit for Out-of-bounds Write in Live2D Cubism Editor

MOC3ingbird DoS 日本語版：README_JA.md This...

Mattermost fails to limit the number of active sessions

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...

Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

Exposure Of Sensitive Information To An Unauthorized Actor

Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...

Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel

RNDIS-CO Summary The RNDIS USB Gadget may be exploited...

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

Exploit for Use After Free in Microsoft

PoC for CVE-2023-36802 Exploit targeting MSKSSRV.SYS driver....

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...

openstack-barbican Denial of Service vulnerability

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of...

Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana

Grafana Spoofing originalUrl of snapshots in...

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

Denial Of Service (DoS)

Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...

Microsoft Common Data Model SDK Denial of Service Vulnerability

Microsoft Common Data Model SDK Denial of Service...

OpenStack Glance Denial of service by creating a large number of images

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the...

Cisco IOS XE Software Unified Threat Defense DoS (cisco-sa-snort-dos-s2R7W9UU)

According to its self-reported version, Cisco UTD Software is affected by a denial of service vulnerability. A denial of service (DoS) vulnerability exists in the way the Snort detection engine processes ICMP traffic. An unauthenticated, remote attacker can exploit this issue by sending a series...

Permanent denial of service via PackageManager#setPackagesSuspended with invalid SuspendParams.launcherExtras

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...

Bypass patch of 209446496: Secondary user could disable secure nfc

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User.....

[Out of Bounds Write in phNciNfc_MfCreateXchgDataHdr in phNxpExtns_MifareStd.cpp in libnfc_nci_jni]

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

apko Exposure of HTTP basic auth credentials in log output

Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: The%s verb was.....

Microsoft Common Data Model SDK Denial of Service Vulnerability

Microsoft Common Data Model SDK Denial of Service...

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...

Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka

CVE-2023-34040 Spring Kafka Deserialization Remote Code...

Permanent denial of service via JobScheduler#schedule with invalid NetworkCapabilities.mTransportTypes

In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in convertSubgraphFromHAL in ShimConverter.cpp in libneuralnetworks_shim_static]

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

ID4me feature of OpenID connect app available even when disabled

Description Impact Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. Patches It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...