JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to processing X.509 certificates, which allows a malicious user is to trigger an application crash by passing a crafted...

Denial Of Service (DoS)

Yarp.ReverseProxy is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due insufficient checks in StreamCopyHttpContent.cs, which allows an attacker to cause denial of service...

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial of Service (DOS). The vulnerability is due to a memory leak in the QuicCryptoTlsReadExtensions function in crypto_tls.c, which results in Denial of Service. An attacker can create multiple instances are present or multiple calls to the decode...

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is due to the library allowing version negotiation packets for server connections, which enables an attacker to crash the...

Denial Of Service (DoS)

Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service (DoS). The vulnerability is cause by improper JWT compression checks, which results in resource exhaustion due processing of malicious JSON Web Encryption(JWE) token. Successful...

Denial Of Service (DoS)

.NET is vulnerable to Denial Of Service (Dos). The vulnerability is due to improper handling of x509 certificates, which can result in Denial of Service...

TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via NotificationManager#createNotificationChannel

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...

Exploit for Out-of-bounds Read in Adobe Bridge

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

Drupal Brute force amplification attacks via XML-RPC

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same...

Out of bounds read in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DOS) via a crafted web...

Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms

CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS...

YARP Denial of Service Vulnerability

Impact A denial of service vulnerability exists in YARP. Patches If you're using YARP 1.x, you should update to NuGet package version 1.1.2. If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1. You can do so by updating the PackageReference in your .csproj file diff...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

Use-of-uninitialized-value in complexity_RC_reset_marking

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57398 Crash type: Use-of-uninitialized-value Crash state: complexity_RC_reset_marking ihevce_pre_enc_process_frame_thrd...

Denial Of Service (DoS)

ASP.NET Core is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker cancels a HTTP requests made to ASP.NET Core running on an IIS In Process hosting model, which may cause an increase in thread counts, potentially leading to an OutOfMemoryException, which results in...

.netrc parser out-of-bounds access

curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....

Exploit for Allocation of Resources Without Limits or Throttling in Discourse

CVE-2023-38408 PoC for the recent critical vuln affecting...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...

Use-of-uninitialized-value in ihevce_enc_frm_proc_slave_thrd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57397 Crash type: Use-of-uninitialized-value Crash state: ihevce_enc_frm_proc_slave_thrd osal_func...

Exploit for Out-of-bounds Write in Google Chrome

libwebp CVE-2023-4863 [A Vulnerability...

CVE-2016-2427

The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...

CVE-2023-7075

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be...

Child of b/237288416: [Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in [email protected]]

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Microsoft

nse-exchange Nmap NSE scripts to check against exchange...

Use-of-uninitialized-value in ihevce_strm_fill_done

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57401 Crash type: Use-of-uninitialized-value Crash state: ihevce_strm_fill_done ihevce_ent_coding_thrd...

Mattermost vulnerable to denial of service via large number of emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

Exploit for Out-of-bounds Write in Linux Linux Kernel

Linux_LPE_eBPF_CVE-2021-3490 LPE exploit for CVE-2021-3490....

Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform

CVE-2021-35215 SolarWinds Orion Platform ActionPluginBaseView...

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit-Exploit CVE-2021-4034 ...

Denial of Service in TenderMint

Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a misconfiguration to reuse chainIDs.) Correct.....

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof...

Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K

Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

Exploit for Improper Handling of Exceptional Conditions in Google Android

CVE-2021-0928, writeToParcel/createFromParcel serialization...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4Shell-Rex The following RegEx was written in an attempt...

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

Use-of-uninitialized-value in do_callout_jit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68365 Crash type: Use-of-uninitialized-value Crash state: do_callout_jit...

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....

Task hijacking of apps that set allowTaskReparenting="true"

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Moodle CSRF risks due to misuse of confirm_sesskey

Incorrect CSRF token checks resulted in multiple CSRF...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 centos8可用版本...

Talkback reads notifications of non-current Android user

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Mattermost denial of service through long emoji value

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the...