Lucene search

K

JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

osv
osv

[Denial Of Service Android 13 September 2022]

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

7.5CVSS

6.7AI Score

0.001EPSS

2023-06-01 12:00 AM
3
veracode
veracode

Denial Of Service (DoS)

drupal/core is vulnerable to Denial Of Service. The vulnerability is caused by visiting install.php, which can cause cached data to become corrupted until caches are...

7AI Score

2024-05-20 07:24 AM
1
veracode
veracode

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime(). It allows an attacker to trigger excessive CPU consumption during the isPrime primality...

6.9AI Score

0.0004EPSS

2024-03-03 03:11 PM
2
osv
osv

Potential OOB Read in attp_build_value_cmd() of att_protocol.cc

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.4AI Score

0.0004EPSS

2024-02-01 12:00 AM
10
osv
osv

Permanent denial of service via PackageManager#setMimeGroup

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

7.4AI Score

0.0004EPSS

2023-01-01 12:00 AM
3
osv
osv

Permanent denial of service via PackageManager#setComponentEnabledSetting

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

6.6AI Score

0.0004EPSS

2022-12-01 12:00 AM
3
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4Pot A honeypot for the Log4Shell vulnerability...

8.7AI Score

2021-12-15 10:30 PM
421
github
github

Podman Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...

6.8CVSS

6.4AI Score

0.001EPSS

2023-03-27 09:30 PM
17
wpexploit
wpexploit

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

0.0004EPSS

2024-05-24 12:00 AM
6
github
github

Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured...

5CVSS

5AI Score

0.001EPSS

2022-10-19 06:40 PM
16
openbugbounty
openbugbounty

air-insignes.fr Cross Site Scripting vulnerability OBB-3861029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-28 08:55 AM
2
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-finder A Python3 script to scan the filesystem to find...

8.3AI Score

2021-12-14 10:04 AM
395
osv
osv

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

7.1AI Score

2024-06-12 07:42 PM
3
github
github

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

7.1AI Score

2024-06-12 07:42 PM
veracode
veracode

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...

6.7AI Score

EPSS

2024-05-31 04:58 AM
3
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

honeypot.rs Honeypot that scopes [CVE-2023-46604 (Apache...

7.3AI Score

2024-05-29 02:56 PM
58
github
github

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,....

8.8CVSS

6AI Score

0.038EPSS

2021-03-29 08:57 PM
28
github
github

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....

8.8CVSS

6AI Score

0.038EPSS

2021-03-29 08:58 PM
30
osv
osv

TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

5.7AI Score

0.0004EPSS

2023-05-01 12:00 AM
5
osv
osv

Permanent denial of service via NotificationManager#createNotificationChannel

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

6.7AI Score

0.0004EPSS

2022-12-01 12:00 AM
2
osv
osv

Bypass of overlay protection in landscape mode

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...

7AI Score

EPSS

2024-06-01 12:00 AM
2
osv
osv

Permanent denial of service via NotificationManager#addAutomaticZenRule

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

5.9AI Score

0.0004EPSS

2023-02-01 12:00 AM
2
githubexploit
githubexploit

Exploit for Allocation of Resources Without Limits or Throttling in Discourse

CVE-2023-38408 PoC for the recent critical vuln affecting...

6.5CVSS

7.3AI Score

0.0004EPSS

2023-08-09 07:56 PM
24
osv
osv

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

6.5CVSS

6.2AI Score

0.003EPSS

2023-04-13 09:30 PM
20
veracode
veracode

Cleartext Transmission Of Sensitive Information

NASA AIT-Core is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to using unencrypted channels to exchange data over the network, which allows an attacker to conduct a Man-in-the-Middle...

6.7AI Score

EPSS

2024-05-24 08:46 AM
3
github
github

Denial of service in django

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated...

7.5AI Score

0.136EPSS

2018-07-23 07:51 PM
12
osv
osv

Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

Denial of service of Minder Server from maliciously crafted GitHub attestations in...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-05 03:10 PM
1
githubexploit
githubexploit

Exploit for Code Injection in Cisco Adaptive Security Appliance Software

CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...

6CVSS

7.5AI Score

0.001EPSS

2024-05-04 10:40 AM
196
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

10CVSS

9.6AI Score

0.975EPSS

2024-05-28 01:40 PM
59
apple
apple

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

7.8AI Score

0.0005EPSS

2024-06-10 12:00 AM
2
githubexploit
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange...

8.5AI Score

2021-09-04 03:34 PM
222
veracode
veracode

Denial Of Service (DoS) / Information Disclosure

io.airlift: aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...

8.6CVSS

7AI Score

0.0004EPSS

2024-05-30 06:07 AM
1
veracode
veracode

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-31 05:28 AM
6
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Apple Ipad Os

Write up is here:...

8.6AI Score

2021-10-09 08:11 PM
205
openbugbounty
openbugbounty

air-spb.ucoz.ru Cross Site Scripting vulnerability OBB-3859345

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-26 09:03 AM
6
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱 **We demand...

9.8CVSS

8.2AI Score

0.018EPSS

2024-03-17 09:15 AM
152
github
github

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

6.5CVSS

6.4AI Score

0.003EPSS

2023-04-13 09:30 PM
86
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

pkexec-exploit Local Privilege Escalation in polkit's pkexec...

8.2AI Score

2022-01-30 10:34 AM
249
openvas
openvas

Allaire/Macromedia JRun Sample Files (HTTP) - Active Check

This host is running the Allaire JRun web server and has sample files...

6.7AI Score

0.005EPSS

2005-11-03 12:00 AM
16
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863 ```bash # checkout webp git clone...

8.8CVSS

8.7AI Score

0.65EPSS

2023-09-25 10:33 AM
401
githubexploit

9.8CVSS

7.6AI Score

0.96EPSS

2023-12-27 12:06 AM
185
githubexploit

8.2AI Score

2022-02-13 12:05 AM
466
osv
osv

Index-out-of-bounds in LibRaw::apply_tiff

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55722 Crash type: Index-out-of-bounds Crash state: LibRaw::apply_tiff LibRaw::parse_jpeg...

6.9AI Score

2023-02-07 01:00 PM
3
osv
osv

Index-out-of-bounds in LibRaw::kodak_radc_load_raw

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52139 Crash type: Index-out-of-bounds Crash state: LibRaw::kodak_radc_load_raw LibRaw::unpack...

-0.1AI Score

2022-10-06 12:02 AM
6
osv
osv

Use-of-uninitialized-value in QUICVariableInt::size

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69001 Crash type: Use-of-uninitialized-value Crash state: QUICVariableInt::size Http3SettingsFrame::Http3SettingsFrame...

7.2AI Score

2024-06-06 12:12 AM
githubexploit

9.7AI Score

2023-10-27 12:22 PM
62
githubexploit

8.5AI Score

2021-12-12 12:29 AM
262
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...

8.3CVSS

7.7AI Score

0.002EPSS

2023-08-05 06:56 PM
179
githubexploit

8.8AI Score

2021-12-10 09:46 PM
299
osv
osv

Child of b/237288416: [Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in [email protected]]

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.2AI Score

0.0004EPSS

2022-10-01 12:00 AM
1
Total number of security vulnerabilities2366084