JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

WhatsApp able to use microphone even after permissions revoked & app force stop in Android 13 Pixel 6

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for...

Denial Of Service

libexpat is vulnerable of Denial of service. The vulnerability due to many full reparsings are required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available...

CVE-2023-1740

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible....

Denial Of Service

rack is vulnerable to a Denial of service. The vulnerability is due to header parsing routines being susceptible to carefully crafted headers, which can cause the parsing process to take longer than expected, leading to a possible denial of service issue. This specifically impacts the Accept and...

Denial Of Service

dnsmasq is vulnerable to Denial of Service. The vulnerability due to KeyTrap issue when dealing with a zone that contains numerous DNSKEY (DNS Key) and RRSIG (Resource Record Signature) records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG....

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Out-Of-Bounds

chromium is vulnerable to Out-Of-Bounds. The vulnerability is due to improper handling of specific UI gestures via a crafted HTML page, potentially allowing a remote attacker to exploit heap...

CVE-2023-1856

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id...

CVE-2023-1564

A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...

F5 BIG-IP - BIG-IP ASM Proactive Bot Defense vulnerability CVE-2016-7472

When Proactive Bot Defense is configured, BIG-IP ASM 12.1.0 and 12.1.1 systems may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP header....

symfony/validator XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

CVE-2023-2155

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Denial Of Service

dnsmasq is vulnerable to Denial Of Service. The attacker can exploit this vulnerability by sending crafted DNSSEC responses to the target system, causing it to consume excessive CPU...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

U.S. Dept Of Defense: reflected xss [CVE-2020-3580]

Hey Security Team It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running a malicious scripts on a victim’s browser. website: ███████ attached When the user clicks submit, his information will be stolen Impact Cookie Stealing.....

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read...

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

symfony/validator XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Granting access of protected ContentProviders on behalf of Launcher

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2023-1480

A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection.....

CVE-2023-1481

A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The...

Cisco Firepower Threat Defense Software Web Services DoS Vulnerability (cisco-sa-asaftd-websrvs-dos-X8gNucD2)

According to its self-reported version, the remote Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP...

PQI Air Pen Express Remote Detection

Detection of installed version of PQI Air Pen Express. This script sends an HTTP GET request and tries to get the version from the ...

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

Denial Of Service (DoS)

TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the...

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject() method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service.....

Denial Of Service (DoS)

org.springframework: spring-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service (DoS). As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability.....

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper corruption checks which causes the lookup function to get stuck in an infinite loop, which allows an attacker to cause Denial of Service (DoS) by submitting a malformed DNS...

U.S. Dept Of Defense: SQL injection on ██████████ via 'where' parameter

An sql injection vulnerability is produced on 'where' parameter of ArcGIS server allows to retreive db content PoC 1- Go to...

SSL/TLS: Certificate - Self-Signed Certificate Detection

The SSL/TLS certificate on this port is...

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling user-supplied data in the sklearn/init.py within the loadmodelfromlocalfile function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of proper input validation during the pickle deserialization process within the BaseCard.load() function in the recipes/cards/init .py file. This vulnerability allows an attacker to execute arbitrary...

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper handling of serialized data in the _load_pyfunc function within mlflow/pyfunc/model.py. This flaw allows an attacker to inject a malicious pickle object into a PyFunc model file, which results in....

Denial Of Service (DoS)

@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks becauses messages that exceed the grpc.max_receive_message_length are buffered or decompressed in entirety before being discarded, which can result in...

Denial Of Service (DoS)

Bouncy Castle is vulnerable to an infinite loop. The vulnerability is due to insufficient verification of signatures and public keys during Ed25519 verification, allowing attackers to trigger a denial of service (DoS) due to the infinite...

Denial Of Service (DoS)

org.apache.tomcat: tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold...

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parse_sitemap method, which results in an infinite loop that exceeds the maximum recursion depth in...

Denial Of Service (DoS)

org.elasticsearch: elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions....

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of proper validation of untrusted data in the _load_model function within the pmdarima/init .py file, allowing an attacker to execute arbitrary code by injecting a malicious pickle object into a...

Denial Of Service (DoS)

microsoft.azure.storage.datamovement is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of requests, which can lead to excessive resource...

Denial Of Service (DoS)

Squid is vulnerable to Denial of Service via HTTP Chunked Decoder. The vulnerability is due to an uncontrolled recursion bug in the HTTP Chunked decoder in Squid. This bug allows a remote attacker to cause Denial of Service by sending a crafted, chunked, encoded HTTP...

Deserialization Of Untrusted Data

org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper query parameters sanitization within the filterSensitive method, which allows an attackers to bypass JDBC security...

Out-of-bounds Write

chromium:bullseye, chromium:sid is vulnerable to Out-of-bounds Write. The vulnerability exists in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

Denial Of Service (DoS)

Rack is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of Range headers, allowing an attacker to craft headers in a way that results in an unexpectedly large response, which can result in Denial of Service...

Denial Of Service (DoS)

org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of...

Denial Of Service (DoS)

FreeRDP is vulnerable to Denial of Service (DoS). The vulnerability is due to allocating an size, which can cause the FreeRDP client to crash when connected to a malicious...