JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

WhatsApp able to use microphone even after permissions revoked & app force stop in Android 13 Pixel 6

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for...

Cisco ASA/FTD Software - Cross-Site Scripting

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....

Password brute force attack in github.com/IceWhaleTech/CasaOS-UserService

The CasaOS web application does not have protection against password brute force attacks. An attacker can use a password brute force attack to find and gain full access to the server. This vulnerability allows attackers to get super user-level access over the...

Chef Web UI Brute Force Utility

This module attempts to login to Chef Web UI server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the default login...

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

XML Entity Expansion (XEE)

symfony/dependency-injection is vulnerable to XML Entity Expansion (XEE) . The vulnerability is due to XML Entity Expansion (XEE) attacks, where the use of libxml2 lacks defense against XEE Quadratic Blowup Attacks (QBA), allowing long entities to create a memory sink for Denial of Service attacks....

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

XML Entity Expansion

symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink...

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx

Description We identified XSS via cookie name on the https://www2.███████/nssi/core/dot_stu_reg/Registration.aspx endpoint. The first cookie name is getting reflected on the page without sanitization: █████ POC (you can use Chrome Incognito mode for clear experiment) To trigger XSS on the...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

ThemeBleed Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")...

Brute force protection bypass in github.com/argoproj/argo-cd/v2

An attacker can effectively bypass the rate limit and brute force protections in Argo CD by exploiting the application's weak cache-based mechanism. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. An attacker can overflow this cache by....

ISPM + ITDR: Proactive Cyber Defense in the AI Era

In the ever-evolving landscape of cybersecurity, staying ahead of malicious actors requires a multifaceted...

Denial Of Service

JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can results in an input string of modest size causing indefinite amounts of memory...

CVE-2018-25084

A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting....

Granting access of protected ContentProviders on behalf of Launcher

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

Denial Of Service

libexpat is vulnerable of Denial of service. The vulnerability due to many full reparsings are required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available...

PQI Air Pen Express Remote Detection

Detection of installed version of PQI Air Pen Express. This script sends an HTTP GET request and tries to get the version from the ...

Denial Of Service

rack is vulnerable to a Denial of service. The vulnerability is due to header parsing routines being susceptible to carefully crafted headers, which can cause the parsing process to take longer than expected, leading to a possible denial of service issue. This specifically impacts the Accept and...

Out-Of-Bounds

chromium is vulnerable to Out-Of-Bounds. The vulnerability is due to improper handling of specific UI gestures via a crafted HTML page, potentially allowing a remote attacker to exploit heap...

Symfony XXE security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Symfony XXE security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

SSL/TLS: Certificate - Self-Signed Certificate Detection

The SSL/TLS certificate on this port is...

F5 BIG-IP - BIG-IP ASM Proactive Bot Defense vulnerability CVE-2016-7472

When Proactive Bot Defense is configured, BIG-IP ASM 12.1.0 and 12.1.1 systems may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP header....

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Mattermost leaks details of AD/LDAP groups of a teams

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member...

Denial Of Service (DoS)

eventlet and dnspython are vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of enforcing the preferred behavior of waiting for a valid packet during DNS name resolution, allowing remote attackers to interfere with the resolution process by quickly sending an invalid packet....

Denial Of Service (DoS)

io.netty: netty-codec-http is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing form field restrictions within the HttpPostRequestDecoder class. An attacker can send a chunked POST request with many small form fields, possibly resulting in Denial of Service...

Denial Of Service (DoS)

nodejs is vulnerable to Denial Of Service (DoS). The vulnerability exists when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API. A non-expected termination occurs, making it susceptible to Denial of Service (DoS) attacks. In this scenario, an...

Denial Of Service

dnsmasq is vulnerable to Denial of Service. The vulnerability due to KeyTrap issue when dealing with a zone that contains numerous DNSKEY (DNS Key) and RRSIG (Resource Record Signature) records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG....

Denial Of Service

dnsmasq is vulnerable to Denial Of Service. The attacker can exploit this vulnerability by sending crafted DNSSEC responses to the target system, causing it to consume excessive CPU...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

CVE-2023-1740

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible....

symfony/validator XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

CVE-2023-2155

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Denial Of Service (DoS)

socket.io is vulnerable to Denial Of Service (DoS). The vulnerability is due to a specially crafted Socket.IO packet triggering an uncaught exception, which kills the Node.js process, allowing an attacker to crash the server by sending a malicious...

Denial Of Service (DoS)

org.apache.tomcat: tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold...

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Denial Of Service (DoS)

Apache Avro is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of deserialization when processing untrusted or corrupted data. This can result in a reader consuming memory beyond the allowed constraints, potentially leading to an out-of-memory condition on the...

Exploit for Race Condition in Microsoft

CVE-2023-36884: MS Office HTML RCE with crafted documents On...

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of untrusted data in the _load_model_from_local_file function within the sklearn/init .py. The vulnerability allows an attacker to inject a malicious pickle object into a model file on...

Denial Of Service (DoS)

samba is vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs when Samba parses a specially crafted RPC request. If the request is valid, Samba will enter an infinite loop. This could cause Samba to consume excessive CPU resources and eventually...

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf

Description We identified potential unsafe deserialization vulnerability on the https://www.█████/daip/messagebroker/amf endpoint. POC To exclude false-positive reaction and show that pingback is result of AMF deserialization, and not a reaction to the external host in the POST body, first run...

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parse_sitemap method, which results in an infinite loop that exceeds the maximum recursion depth in...

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization in the function _load_model_from_local_file within sklearn/init.py. An attacker can inject a malicious pickle object into a model file on upload, which will be deserialized resulting in...

Denial Of Service (DoS)

org.apache.tomcat, tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling when processing an HTTP/2 request that exceeds any of the configured limits for headers, leading to the associated HTTP/2 stream not being reset until after all of the...