Lucene search

K

JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

nessus
nessus

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

6CVSS

6.8AI Score

0.001EPSS

2024-04-25 12:00 AM
41
osv
osv

WhatsApp able to use microphone even after permissions revoked & app force stop in Android 13 Pixel 6

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for...

3.1CVSS

6.6AI Score

0.001EPSS

2023-07-01 12:00 AM
5
veracode
veracode

Denial Of Service

libexpat is vulnerable of Denial of service. The vulnerability due to many full reparsings are required in the case of a large token for which multiple buffer fills are needed. It leads to the exhaustion of available...

7.5CVSS

6.8AI Score

0.001EPSS

2024-02-11 08:46 AM
10
cve
cve

CVE-2023-1740

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible....

9.8CVSS

9.7AI Score

0.001EPSS

2023-03-30 09:15 PM
22
veracode
veracode

Denial Of Service

rack is vulnerable to a Denial of service. The vulnerability is due to header parsing routines being susceptible to carefully crafted headers, which can cause the parsing process to take longer than expected, leading to a possible denial of service issue. This specifically impacts the Accept and...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-02-29 05:37 AM
11
veracode
veracode

Denial Of Service

dnsmasq is vulnerable to Denial of Service. The vulnerability due to KeyTrap issue when dealing with a zone that contains numerous DNSKEY (DNS Key) and RRSIG (Resource Record Signature) records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG....

7.5CVSS

6.6AI Score

0.05EPSS

2024-02-18 06:35 AM
16
osv
osv

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 12:21 PM
4
veracode
veracode

Out-Of-Bounds

chromium is vulnerable to Out-Of-Bounds. The vulnerability is due to improper handling of specific UI gestures via a crafted HTML page, potentially allowing a remote attacker to exploit heap...

5.9AI Score

0.0004EPSS

2024-06-03 04:51 PM
cve
cve

CVE-2023-1856

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id...

9.8CVSS

9.7AI Score

0.005EPSS

2023-04-05 08:15 AM
16
cve
cve

CVE-2023-1564

A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...

9.8CVSS

9.6AI Score

0.001EPSS

2023-03-22 01:15 PM
20
openvas
openvas

F5 BIG-IP - BIG-IP ASM Proactive Bot Defense vulnerability CVE-2016-7472

When Proactive Bot Defense is configured, BIG-IP ASM 12.1.0 and 12.1.1 systems may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP header....

7.5CVSS

7.4AI Score

0.002EPSS

2016-11-14 12:00 AM
24
osv
osv

symfony/validator XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 01:10 PM
4
cve
cve

CVE-2023-2155

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be...

4.8CVSS

5AI Score

0.001EPSS

2023-04-18 03:15 PM
22
github
github

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-29 07:59 PM
3
veracode
veracode

Denial Of Service

dnsmasq is vulnerable to Denial Of Service. The attacker can exploit this vulnerability by sending crafted DNSSEC responses to the target system, causing it to consume excessive CPU...

6.5AI Score

0.0005EPSS

2024-02-15 02:59 AM
8
github
github

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 12:21 PM
hackerone
hackerone

U.S. Dept Of Defense: reflected xss [CVE-2020-3580]

Hey Security Team It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running a malicious scripts on a victim’s browser. website: ███████ attached When the user clicks submit, his information will be stolen Impact Cookie Stealing.....

6.1CVSS

5.9AI Score

0.971EPSS

2024-04-25 03:55 PM
36
osv
osv

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 01:02 PM
5
cvelist
cvelist

CVE-2024-26606 binder: signal epoll threads of self-work

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read...

6.6AI Score

0.0004EPSS

2024-02-26 02:39 PM
osv
osv

Symfony XML Entity Expansion security vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-29 07:59 PM
1
github
github

symfony/validator XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 01:10 PM
2
osv
osv

Granting access of protected ContentProviders on behalf of Launcher

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8CVSS

7.1AI Score

0.0004EPSS

2023-12-01 12:00 AM
5
cve
cve

CVE-2023-1480

A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection.....

9.8CVSS

9.7AI Score

0.001EPSS

2023-03-18 09:15 AM
25
cve
cve

CVE-2023-1481

A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The...

6.1CVSS

6AI Score

0.001EPSS

2023-03-18 09:15 AM
29
nessus
nessus

Cisco Firepower Threat Defense Software Web Services DoS Vulnerability (cisco-sa-asaftd-websrvs-dos-X8gNucD2)

According to its self-reported version, the remote Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP...

8.6CVSS

8.7AI Score

0.002EPSS

2024-04-26 12:00 AM
8
openvas
openvas

PQI Air Pen Express Remote Detection

Detection of installed version of PQI Air Pen Express. This script sends an HTTP GET request and tries to get the version from the ...

7.2AI Score

2016-02-18 12:00 AM
12
github
github

symfony/translation XML Entity Expansion vulnerability

Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...

7.2AI Score

2024-05-30 01:02 PM
1
veracode
veracode

Denial Of Service (DoS)

TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the...

7.1AI Score

2024-06-14 12:44 PM
veracode
veracode

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject() method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service.....

7.5CVSS

6.5AI Score

0.0005EPSS

2024-06-14 04:52 PM
1
veracode
veracode

Denial Of Service (DoS)

org.springframework: spring-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service (DoS). As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability.....

7.5CVSS

6.6AI Score

0.0005EPSS

2024-01-24 10:21 AM
6
veracode
veracode

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper corruption checks which causes the lookup function to get stuck in an infinite loop, which allows an attacker to cause Denial of Service (DoS) by submitting a malformed DNS...

6.8AI Score

0.0004EPSS

2024-05-09 06:08 AM
2
hackerone
hackerone

U.S. Dept Of Defense: SQL injection on ██████████ via 'where' parameter

An sql injection vulnerability is produced on 'where' parameter of ArcGIS server allows to retreive db content PoC 1- Go to...

7.2AI Score

2024-03-25 10:28 PM
23
openvas
openvas

SSL/TLS: Certificate - Self-Signed Certificate Detection

The SSL/TLS certificate on this port is...

7.3AI Score

2011-04-27 12:00 AM
11
veracode
veracode

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling user-supplied data in the sklearn/init.py within the loadmodelfromlocalfile function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:11 AM
veracode
veracode

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

7AI Score

2024-06-14 08:49 AM
1
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of proper input validation during the pickle deserialization process within the BaseCard.load() function in the recipes/cards/init .py file. This vulnerability allows an attacker to execute arbitrary...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 07:29 AM
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper handling of serialized data in the _load_pyfunc function within mlflow/pyfunc/model.py. This flaw allows an attacker to inject a malicious pickle object into a PyFunc model file, which results in....

8.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 06:27 AM
veracode
veracode

Denial Of Service (DoS)

@grpc/grpc-js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper message size checks becauses messages that exceed the grpc.max_receive_message_length are buffered or decompressed in entirety before being discarded, which can result in...

5.3CVSS

6.6AI Score

0.0005EPSS

2024-06-12 07:45 AM
1
veracode
veracode

Denial Of Service (DoS)

Bouncy Castle is vulnerable to an infinite loop. The vulnerability is due to insufficient verification of signatures and public keys during Ed25519 verification, allowing attackers to trigger a denial of service (DoS) due to the infinite...

6.3AI Score

0.0004EPSS

2024-04-25 03:54 PM
8
veracode
veracode

Denial Of Service (DoS)

org.apache.tomcat: tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold...

6.5AI Score

0.0004EPSS

2024-03-15 06:11 AM
14
veracode
veracode

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to infinite recursion in the parse_sitemap method, which results in an infinite loop that exceeds the maximum recursion depth in...

4.2CVSS

6.7AI Score

0.0004EPSS

2024-06-11 08:54 AM
1
veracode
veracode

Denial Of Service (DoS)

org.elasticsearch: elasticsearch is vulnerable to Denial of Service (DoS). The vulnerability is due to a StackOverflow exception caused by dynamic field mapping of the passthrough type in an index template. An attacker can exploit this vulnerability by ingesting documents under specific conditions....

4.9CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:42 AM
1
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of proper validation of untrusted data in the _load_model function within the pmdarima/init .py file, allowing an attacker to execute arbitrary code by injecting a malicious pickle object into a...

8.8CVSS

7.9AI Score

0.0004EPSS

2024-06-14 05:12 AM
veracode
veracode

Denial Of Service (DoS)

microsoft.azure.storage.datamovement is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of requests, which can lead to excessive resource...

7.5CVSS

7.9AI Score

0.0005EPSS

2024-06-13 10:20 AM
1
veracode
veracode

Denial Of Service (DoS)

Squid is vulnerable to Denial of Service via HTTP Chunked Decoder. The vulnerability is due to an uncontrolled recursion bug in the HTTP Chunked decoder in Squid. This bug allows a remote attacker to cause Denial of Service by sending a crafted, chunked, encoded HTTP...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-03-08 04:00 AM
9
veracode
veracode

Deserialization Of Untrusted Data

org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper query parameters sanitization within the filterSensitive method, which allows an attackers to bypass JDBC security...

6.9AI Score

0.0004EPSS

2024-05-09 05:50 AM
1
veracode
veracode

Out-of-bounds Write

chromium:bullseye, chromium:sid is vulnerable to Out-of-bounds Write. The vulnerability exists in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

8.8CVSS

6.3AI Score

0.007EPSS

2023-12-24 01:43 AM
13
veracode
veracode

Denial Of Service (DoS)

Rack is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of Range headers, allowing an attacker to craft headers in a way that results in an unexpectedly large response, which can result in Denial of Service...

5.8CVSS

6.9AI Score

0.0004EPSS

2024-02-29 06:31 AM
7
veracode
veracode

Denial Of Service (DoS)

org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of...

4.9CVSS

6.7AI Score

0.0004EPSS

2024-03-29 10:30 AM
8
veracode
veracode

Denial Of Service (DoS)

FreeRDP is vulnerable to Denial of Service (DoS). The vulnerability is due to allocating an size, which can cause the FreeRDP client to crash when connected to a malicious...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-04-25 07:00 AM
3
Total number of security vulnerabilities2366128