JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Overview Versions <=8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the secretOrPublicKey argument from the readme link) will result in incorrect verification of tokens. There is a possibility of using a different...

Exploit for Deserialization of Untrusted Data in Apache Activemq

⚙️ 工具简介 (Welcome star 🌟) **CVE-2023-46604 之 ActiveMQ RCE...

openstack-barbican Denial of Service vulnerability

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of...

Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik

Traefik vulnerable to denial of service with Content-length header in...

Custom runtime rules and runtime response policies: new layers of defense

Wiz's custom runtime rules and runtime response policies add new layers to your defense-in-depth...

Denial of service in github.com/octo-sts/app

Excessively large requests can be processed, consuming a large amount of resources. This could potentially lead to a denial of...

Improper handling of JavaScript whitespace in html/template

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to weak TLS security, cross-site scripting, denial of service, and a server-side request forgery due to multiple vulnerabilities.

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable weaker than expected TLS security [CVE-2023-50312], cross-site scripting with JavaScript code [CVE-2024-27270], and sending specially crated requests to cause denial of service [CVE-2024-25026, CVE-2024-27268, CVE-2024-22353]....

Deserialization Of Untrusted Data

spatie/image-optimizer is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of file protocol checks before it's passed to the file_exists() function. This allows attackers to use the phar:// protocol to deserialize a malicious script, which results in Remote Code.....

CVE-2022-24816 Improper Control of Generation of Code in jai-ext

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects...

Denial Of Service (DoS)

sqlparse is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of recursion limits, which allows an attacker to pass a heavily nested list to the parse() method resulting in a...

CVE-2021-20251

A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are...

Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)

Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF)...

CVE-2023-33106 Use of Out-of-range Pointer Offset in Graphics

Memory corruption while submitting a large list of sync points in an AUX command to the...

Laravel Risk of mass-assignment vulnerabilities

Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application...

Denial of Service in Apache James

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of...

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

CVE-2023-45149

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in...

nats-io/jwt not enforcing checking of Import token permissions

(This advisory is canonically https://advisories.nats.io/CVE/CVE-2021-3127.txt) Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some.....

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

Background Use of a relation of the form: relation folder: folder | folder#parent with an arrow such as folder-&gt;view can cause LookupSubjects to only return the subjects found under subjects for either folder or folder#parent. This bug only manifests if the same subject type is used multiple typ...

CVE-2023-41879

Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would.....

Symfony vulnerable to denial of service via a malicious HTTP Host header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2022-27666 This is the exploit for CVE-2022-27666, a...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a...

Build Numbers and Versions of Veeam Backup & Replication

This KB article lists all versions of Veeam Backup & Replication and their respective build...

Nagios XI < 5.9.3 Multiple Vulnerabilities

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: The session ID for API Authentication is generated using uniqid, which is based on the current time. An attacker can brute-force a valid session ID by...

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could...

Out Of Bounds Read

Chrome is vulnerable to Out Of Bounds Read. The vulnerability due to improper handling of out-of-bounds reads, allows a remote attacker to leak cross-site data via a crafted HTML...

Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...

Denial Of Service (DoS)

putty is vulnerable to Denial Of Service (DoS). The vulnerability is due to remote SSH-1 servers accessing freed memory locations via an SSH1_MSG_DISCONNECT message in PuTTY, allows remote SSH-1 servers to trigger a denial of service...

ZendFramework Information Disclosure and Insufficient Entropy vulnerability

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not...

Use-of-uninitialized-value in vpx_codec_peek_stream_info

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68912 Crash type: Use-of-uninitialized-value Crash state: vpx_codec_peek_stream_info vpx_dec_fuzzer.cc...

WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on....

Improper Authorization

Evmos is vulnerable to Improper Authorization. The vulnerability is due to allowing a user to create a validator using vested tokens to deposit the...

CVE-2023-49221

Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service...

CVE-2023-49221

Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service...

CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of...

CVE-2024-37159

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in...

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine Adselfservice Plus

Exploitation code for CVE-2021-40539...

CVE-2023-49223

Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive...

Improper validation of UUIDs in github.com/codenotary/immudb

A malicious server can trick a client into treating it as a different server by changing the reported UUID. immudb client SDKs use the server's UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple...

Exposure of local files in github.com/cortexproject/cortex

A malicious actor could remotely read local files by submitting to the Alertmanager Set Configuration API maliciously crafted inputs. Only users of the Alertmanager service where "-experimental.alertmanager.enable-api" or "enable_api: true" is configured are...

Django database denial-of-service with ModelMultipleChoiceField

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL...

Malicious code in forgyps (PyPI)

-= Per source details. Do not edit below this...

Malicious code in capmonster (PyPI)

-= Per source details. Do not edit below this...

Blue Coat Unified Agent Installed

Blue Coat Unified Agent, a security and acceleration application, is installed on the remote Windows host. Note that Blue Coat Unified Agent replaces Blue Coat...

OpenStack Nova Denial of service attack on the compute host

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error...

CVE-2023-39958

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients......

Symfony vulnerable to denial of service via a malicious HTTP Host header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....