JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

veracode

Out-of-bounds Read

libX11.so is vulnerable to Out-of-bounds Read. The vulnerability is due to the function _XkbReadKeySyms allocating insufficient memory for the keysym buffer and failing to handle errors returned by _XkbReadBufferCopyKeySyms. This can lead to a potential buffer overflow and out-of-bounds memory...

6.5CVSS

7.4AI Score

0.0004EPSS

2023-10-12 09:36 AM
11
veracode

Out-of-bounds Read

grub2 is vulnerable to Out-of-bounds Read. The vulnerability allows an attacker to read arbitrary memory locations, including sensitive data such as cached passwords and EFI variable values, by presenting a specially crafted NTFS filesystem...

5.3CVSS

6.7AI Score

0.001EPSS

2023-10-08 10:49 PM
13
veracode

Out-of-bounds Read

libXpm is vulnerable to Out-of-bounds Read. The vulnerability is caused due to a boundary condition that can be exploited to read contents of memory of the system. An attacker can trigger this out-of-bounds read error compromising confidentiality of the...

5.5CVSS

6.8AI Score

0.0004EPSS

2023-11-30 08:01 PM
11
veracode

Out-of-bounds Write

X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused by the cursor code in both Xephyr and Xwayland using the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-01-21 11:28 AM
8
github

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

6.7AI Score

2024-06-07 06:28 PM
osv

Use-of-uninitialized-value in spvTextEncodeOperand

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69388 Crash type: Use-of-uninitialized-value Crash state: spvTextEncodeOperand spvTextEncodeOpcode...

7.2AI Score

2024-06-06 12:00 AM
osv

.netrc parser out-of-bounds access

curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....

6.5CVSS

7.7AI Score

0.002EPSS

2022-10-26 08:00 AM
githubexploit

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-21882 win32k LPE bypass...

7.8CVSS

8.2AI Score

0.001EPSS

2022-01-27 03:44 AM
389
veracode

Denial Of Service (DoS)

qemu is vulnerable to Denial of Service (DoS). A wrong exit condition within qemu may lead to an infinite loop in the 'inflate_buffer' function resulting in a denial of...

6.5CVSS

6.7AI Score

0.002EPSS

2023-08-13 12:42 PM
8
veracode

Denial Of Service (DoS)

libssh is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of proper validation and checking of return values in the abstract layer for message digest (MD) operations implemented by different supported crypto backends. This could lead to low-memory failures and potentially....

5.3CVSS

7AI Score

0.001EPSS

2023-12-19 01:59 PM
10
veracode

Out-of-bounds Write

X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused by not allocating sufficient memory space for the device's particular number of logical buttons. This can lead to a heap overflow if a bigger value is used. DeviceFocusEvent and the XIQueryPointer reply of X.Org...

9.8CVSS

7.3AI Score

0.002EPSS

2024-01-21 02:43 PM
6
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit-Exploit CVE-2021-4034 ...

8.1AI Score

2022-01-26 06:01 PM
361
veracode

Out-of-Bounds Read

libxpm.so is vulnerable to Out-of-bounds Read. The vulnerability is due to a boundary condition, allowing a local user to trigger an out of bounds read error and read memory contents from the...

5.5CVSS

6.7AI Score

0.0004EPSS

2024-02-27 11:55 AM
7
veracode

Denial Of Service (DOS)

jwcrypto is vulnerable to Denial Of Service (DoS). The vulnerability is due to a missing upper bound check in the p2c header value (PBES2 count) which contains the PBKDF2 iteration count used in the PBKDF2 cryptographic key derivation function. The unbounded value can be exploited by an attacker...

5.3CVSS

6.9AI Score

0.0004EPSS

2023-12-29 07:05 AM
9
nuclei

ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting

ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password...

6.1CVSS

6AI Score

0.002EPSS

2022-06-12 06:42 PM
1
veracode

Denial Of Service

wallabag/wallabag is vulnerable to Denial Of Service. The vulnerability exists due to a lack of max size checks in the name parameter, which allows an attacker to cause a denial of...

6.5CVSS

6.6AI Score

0.001EPSS

2023-07-13 05:49 AM
5
github

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

7.5AI Score

2024-06-05 05:30 PM
1
github

Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller....

7.5CVSS

2AI Score

0.004EPSS

2020-06-15 07:34 PM
59
veracode

Denial Of Service (DoS)

rexml is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper parsing of XML with many < characters in an attribute value, which allows an attacker to cause Denial of...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-05-21 07:21 AM
5
github

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....

6.5CVSS

7AI Score

0.0004EPSS

2024-03-22 04:57 PM
20
osv

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

7.5AI Score

2024-06-05 05:30 PM
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K

xortigate-cve-2023-27997 Exploit for xortigate...

9.8CVSS

10AI Score

0.147EPSS

2023-10-12 04:12 PM
241
githubexploit

Exploit for Incorrect Implementation of Authentication Algorithm in Microsoft

🛑 Microsoft SharePoint: CVE-2023-29357 🛑 **Microsoft...

9.8CVSS

9.9AI Score

0.803EPSS

2023-09-26 04:18 PM
19
hackread

China Suspected in Major Cyberattack on UK’s Ministry of Defence (MoD)

By Waqas UK Ministry of Defence (MoD) faces potential Chinese cyberattack. Learn more about the details of the alleged attack, China's role in cyberspace, potential consequences, and the importance of international cooperation in cybersecurity. This is a post from HackRead.com Read the original...

7.3AI Score

2024-05-07 12:38 PM
7
githubexploit

Exploit for Out-of-bounds Write in Linux Linux Kernel

Linux_LPE_eBPF_CVE-2021-3490 LPE exploit for CVE-2021-3490....

7.8CVSS

8.1AI Score

0.002EPSS

2021-06-24 06:50 PM
207
nessus

RHEL 8 : nodejs-kind-of (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes ...

8.6AI Score

0.001EPSS

2024-05-11 12:00 AM
3
githubexploit

Exploit for CVE-2023-33733

CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY...

7.8CVSS

8AI Score

0.001EPSS

2023-05-30 10:22 PM
554
github

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196,....

8.8CVSS

7.4AI Score

0.038EPSS

2021-03-29 08:57 PM
20
github

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....

8.8CVSS

7.4AI Score

0.038EPSS

2021-03-29 08:57 PM
25
cvelist

CVE-2024-3183 Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

8.1CVSS

0.0004EPSS

2024-06-12 08:18 AM
2
github

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....

8.8CVSS

7.4AI Score

0.038EPSS

2021-03-29 08:57 PM
23
osv

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process. Basically, if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....

6.5CVSS

6.5AI Score

0.0004EPSS

2024-03-22 04:57 PM
14
osv

MsQuic Remote Denial of Service Vulnerability

Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-10 10:23 PM
23
github

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196,....

8.8CVSS

7.4AI Score

0.038EPSS

2021-03-29 08:57 PM
26
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

Technical Summary of the Attack: CVE-2023-46604 The script exploits...

10CVSS

6.9AI Score

0.931EPSS

2024-05-31 12:38 AM
51
githubexploit

Exploit for Improper Handling of Exceptional Conditions in Google Android

CVE-2021-0928, writeToParcel/createFromParcel serialization...

8.2AI Score

2022-01-29 10:14 AM
801
githubexploit

Exploit for Insecure Default Initialization of Resource in Apache Superset

CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache...

9.8CVSS

8.6AI Score

0.971EPSS

2023-09-08 06:15 AM
179
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K

Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...

9.8CVSS

10AI Score

0.147EPSS

2023-06-16 03:25 AM
21
githubexploit

Exploit for Out-of-bounds Write in Linux Linux Kernel

nftables oob read/write exploit (CVE-2023-35001) Exploit...

7.8CVSS

6.8AI Score

0.0005EPSS

2023-09-01 07:41 AM
579
vulnrichment

CVE-2024-3183 Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user.....

8.1CVSS

7AI Score

0.0004EPSS

2024-06-12 08:18 AM
3
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Checks whether...

9.8CVSS

9.6AI Score

0.018EPSS

2024-03-13 10:57 PM
82
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 version that works on CentOS 8...

7.8CVSS

8.6AI Score

0.0005EPSS

2022-02-15 02:34 AM
322
githubexploit

Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform

CVE-2021-35215 SolarWinds Orion Platform ActionPluginBaseView...

8.9CVSS

8.9AI Score

0.121EPSS

2021-10-23 01:35 AM
136
github

MsQuic Remote Denial of Service Vulnerability

Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-10 10:23 PM
19
githubexploit

Exploit for Insecure Default Initialization of Resource in Apache Superset

CVE-2023-27524: Apache Superset Auth Bypass Script to check...

9.8CVSS

9.2AI Score

0.971EPSS

2023-04-25 04:59 AM
243
osv

Podman Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...

6.8CVSS

6.5AI Score

0.001EPSS

2023-03-27 09:30 PM
8
osv

Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured...

5CVSS

1.6AI Score

0.001EPSS

2022-10-19 06:40 PM
14
veracode

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime(). It allows an attacker to trigger excessive CPU consumption during the isPrime primality...

6.9AI Score

0.0004EPSS

2024-03-03 03:11 PM
2
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Dubbo

For a more comprehensive Dubbo vulnerability scanning tool, see my other project: https://github.com/YYHYlh/Dubbo-Scan...

9.8CVSS

9.3AI Score

0.015EPSS

2023-05-11 07:37 AM
563
openbugbounty

air-insignes.fr Cross Site Scripting vulnerability OBB-3861029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-28 08:55 AM
2
Total number of security vulnerabilities: 2366113