JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

[Out of Bounds Read in convertSubgraphFromHAL in ShimConverter.cpp in libneuralnetworks_shim_static]

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via JobScheduler#schedule with invalid NetworkCapabilities.mTransportTypes

In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...

ID4me feature of OpenID connect app available even when disabled

Description Impact Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. Patches It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0...

there is a possible constriction of directory permissions due to path prefix verification error, resulting in DOS of some parts-related function.

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for...

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...

OpenStack Glance Denial of service by creating a large number of images

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different...

[Out of Bounds Write in internalGetVp8Params in SoftVP8Encoder.cpp in libstagefright_soft_vpxenc]

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in register_notification_rsp in btif_rc.cc in libbtif]

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jShell_1.x Log4j RCE 1.x Poc Attack...

[Out of Bounds Write in ConvertRGBToPlanarYUV in C2InterfaceHelper.cpp in libsfplugin_ccodec_utils]

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in setOperandValue in ShimPreparedModel.cpp in libneuralnetworks_cl]

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via JobScheduler#schedule with invalid JobInfo.extras

In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via ShortcutManager#addDynamicShortcuts with invalid Intent.mFlags

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

[Crafted AVRCP Response Causes Out-of-bounds Read in Bluetooth]

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

Users can delete old versions of read-only shared files

Description Impact A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. Patches It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 It is recommended that the Nextcloud Enterprise Server is...

silverstripe/framework allows upload of dangerous file types

Some potentially dangerous file types exist in File.allowed_extensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...

[Out of Bounds Read in AnalyzeMfcResp in NxpMfcReader.cc in nfc_nci_nxp]

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in deserialize in ExecutionBurstServer.cpp in libneuralnetworks_common_defaults]

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via WifiManager#addOrUpdatePasspointConfiguration with invalid PasspointConfiguration.mDecoratedIdentityPrefix

In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...

Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

Denial of service of Minder Server with attacker-controlled REST endpoint in...

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-21882 Win32k Elevation Of Privileges...

Denial Of Service (DoS)

sqlparse is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of recursion limits, which allows an attacker to pass a heavily nested list to the parse() method resulting in a...

Denial Of Service (DoS) Through Infinite Loop

libX11.so is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of....

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j2-scan is a single binary...

CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4shell-finder - Fastest file system scanner for log4j...

Aimeos denial of service vulnerability in SaaS and marketplace setups

Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core...

Aimeos denial of service vulnerability in SaaS and marketplace setups

Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...

moby docker daemon crash during image pull of malicious image

Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....

moby docker daemon crash during image pull of malicious image

Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....

Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine Adaudit Plus

CVE-2022-28219 POC for CVE-2022-28219 affecting ManageEngine...

PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access

The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this...

Denial Of Service (DoS)

pdns-recursor is vulnerable to a Denial of Service(DoS). The vulnerability is due to the Recursor's improper handling of crafted responses received from upstream servers during recursive forwarding, allows attackers to trigger a Denial of...

Denial Of Service (DoS)

github.com/vitessio/vitess is vulnerable to Denial Of Service (DoS). The vulnerability is caused by an endless loop triggered by a specific query in the vtgate component. This loop leads to continuous memory consumption, eventually resulting in Denial of Service...

Cisco Unified IP Conference Station 7937G - Denial-of-Service

Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned.....

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...

CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...

Denial of Service Vulnerability in Rustls Library

Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...

Denial of Service Vulnerability in Rustls Library

Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...

Exploit for Deserialization of Untrusted Data in Apache Log4J

&lt;......

New Attack Against Self-Driving Car AI

This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...

CVE-2024-24829

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version &lt;=24.1.1 contains a constrained SSRF vulnerabilit...

github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size...

ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...

ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...

less: Fix of CVE-2024-32487

CVE-2024-32487: filename.c: quoting...