JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

ReadToMyShoe - Generation of Error Message Containing Sensitive Information

ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...

Mattermost Server doesn't limit the number of user preferences

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of...

Displaying photos of other users via a notification with RemoteViews.setIcon/4

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

Registering BroadcastReceiver as another app through IApplicationThread of isolated external service

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

[Out of Bounds Read in avdt_scb_hdl_pkt_no_frag Function in avdt_scb_act.cc in Bluetooth]

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Write in bta_av_rc_disc_done Function in bta_av_act.cc in Bluetooth]

In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Regression] Uninstalling of packages by DPC does not work in T

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in process_service_search_rsp Function in sdp_discoverty.cc in Bluetooth]

In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

[Crafted HFP Client Packet Causes Out-of-bounds Read in Bluetooth]

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ-Exploit English |...

Impact of TunnelVision Vulnerability

The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Esse projeto tem como objetivo criar uma...

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

Exploit for Improper Preservation of Permissions in Mobyproject Moby

CVE-2021-41091 This exploit offers an in-depth look at the...

Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy

Impact An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted endpointSelector that uses the DoesNotExist operator....

Cisco Adaptive Security Appliance Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

Use Of Cryptographically Weak Pseudo-Random Number Generator

stormpath/sdk is vulnerable to Use Of Cryptographically Weak Pseudo-Random Number Generator. This vulnerability is due to an insecure generation of UUID version...

Exposure Of Sensitive Information To An Unauthorized Actor

silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without proper....

Bouncy Castle Denial of Service (DoS)

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-honeypot-flask Internal network honeypot for detecting...

Deserialization Of Untrusted Data

Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....

Microsoft Common Data Model SDK Denial of Service Vulnerability

Microsoft Common Data Model SDK Denial of Service...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-PoC ![Screenshot of the exploit...

Mattermost fails to limit the number of active sessions

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access

The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this...

Denial Of Service (DoS)

octo-sts is vulnerable to Denial of Service (DoS). The vulnerability is due to missing HTTP request response size checks, which allows an attacker to cause a Denial of Service by flooding the STS service with...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec...

moby docker daemon crash during image pull of malicious image

Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...

ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons

WP-CVE-2023-5360 Royal Elementor Addons and Templates &lt;=...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Check Point Security Gateways Information Disclosure -...

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-37969 Windows Local Privilege Escalation PoC...

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability...

Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp

URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons

CVE-2023-5360 CVE-2023-5360 Auto...

Time-of-check time-of-use race condition in github.com/containers/podman/v4

A Time-of-check Time-of-use (TOCTOU) flaw appears in this version of podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...

Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel

RNDIS-CO Summary The RNDIS USB Gadget may be exploited...

Permanent device denial of service due to improper input validation in AppOpsService

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Leak of cross-user contact data in FDN contact importation in Telephony

In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in outputs in parseInputs in ShimPreparedModel.cpp in libneuralnetworks_shim_static]

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read and Write in configureProducer in C2BqBuffer.cpp in libcodec2_vndk]

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...

Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder

WP Elementor 3.6.0/1/2 Remote Code Execution ``` Google...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...

Denial Of Service (DoS)

Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt.....