JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Leak of cross-user contact data in FDN contact importation in Telephony

In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in outputs in parseInputs in ShimPreparedModel.cpp in libneuralnetworks_shim_static]

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read and Write in configureProducer in C2BqBuffer.cpp in libcodec2_vndk]

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...

Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder

WP Elementor 3.6.0/1/2 Remote Code Execution ``` Google...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

**Check Point Security Gateway RCE Exploit Tool...

Denial Of Service (DoS)

Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt.....

RIOT 2024.01 Buffer Overflows / Lack Of Size Checks / Out-Of-Bound Access

...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apache Shardingsphere Elasticjob-Ui

CVE-2022-22733 CVE-2022-22733 is a vulnerabilit that...

ansible: Fix of CVE-2023-5764

CVE-2023-5764: avoid evaluate unsafe...

Mattermost fails to limit the size of a request path

Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 and 8.1.x <= 8.1.11 fail to limit the size of a request path that includes user inputs which allows an attacker to cause excessive resource consumption, possibly leading to a DoS via sending large request...

Traefik vulnerable to denial of service with Content-length header

There is a potential vulnerability in Traefik managing requests with Content-length and no body . Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....

Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K

CVE-2023-27997 Vulnerability Assessment Tool Safely detect...

Microsoft Common Data Model SDK Denial of Service Vulnerability

Microsoft Common Data Model SDK Denial of Service...

Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine Adaudit Plus

CVE-2022-28219 POC for CVE-2022-28219 affecting ManageEngine...

Permanent device denial of service due to bypassing snoozed notifications limit number

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka

CVE-2023-34040 Spring Kafka Deserialization Remote Code...

Mattermost fails to properly restrict the access of files attached to posts

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is...

Deserialization Of Untrusted Data

timber/timber is vulnerable to Deserialization of Untrusted Data. The vulnerability due to a lack of input validation before passing it into the file_exists function. An attacker can execute arbitrary code by uploading files of any type to the server which then gets passed in the phar:// protocol.....

Denial Of Service (DoS)

github.com/argoproj/argo-cd/ is vulnerable to Denial Of Service (DoS). The vulnerability is due to inadequate validation of input within the ignoreDifferences configuration, allowing an attacker to craft a jqPathExpressions which consumes excessive memory, leading to a DoS...

CVE-2023-25818

Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...

OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not...

Denial of Service in dhowden/tag

dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows panic: runtime error: index out of range via...

Denial of Service in dhowden/tag

dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows panic: runtime error: index out of range via...

Pterodactyl Wings vulnerable to improper isolation of server file access

Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is...

Moodle CSRF risk in admin preset tool management of presets

Actions in the admin preset tool did not include the necessary token to prevent a CSRF...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228! The current program remove the class...

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

Cosign malicious attachments can cause system-wide denial of service

Summary A remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other....

Cisco Unified IP Conference Station 7937G - Denial-of-Service

Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned.....

DoS (Denial of Service) com.google.code.gson:gson Dependency in Crucible Data Center and Server

This High severity com.google.code.gson:gson Dependency vulnerability was introduced in version 4.8.0 of Crucible Data Center and Server. This com.google.code.gson:gson Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

[Out of Bounds Read and Write in onQueueFilled in outQueue in libstagefright_soft_mpeg4dec]

In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in SUBGRAPH in convertSubgraphFromHAL in ShimConverter.cpp in libneuralnetworks_shim_static]

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

ADP Grant - Starting arbitrary Activities via SettingsHomepageActivity on behalf of uid 1000

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 An Vulnerability detection and Exploitation...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

CVE-2024-24829

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerabilit...

Exposure Of Sensitive Information To An Unauthorized Actor

Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...

LuckyWP Table of Contents <= 2.1.4 - Reflected Cross-Site Scripting

Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size...

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network...

Denial of service of Minder Server with attacker-controlled REST endpoint

The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends.....

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Quick and simple script that takes as input a...

apko Exposure of HTTP basic auth credentials in log output

Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: The%s verb was.....

Moodle CSRF risk in admin preset tool management of presets

Actions in the admin preset tool did not include the necessary token to prevent a CSRF...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Recon Tool Installation git clone...

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

CVE-2022-0185 This repo contains demo exploits for...