JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

[Denial Of Service Android 13 September 2022]

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...

Denial Of Service (DoS)

drupal/core is vulnerable to Denial Of Service. The vulnerability is caused by visiting install.php, which can cause cached data to become corrupted until caches are...

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime(). It allows an attacker to trigger excessive CPU consumption during the isPrime primality...

Potential OOB Read in attp_build_value_cmd() of att_protocol.cc

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via PackageManager#setMimeGroup

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via PackageManager#setComponentEnabledSetting

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4Pot A honeypot for the Log4Shell vulnerability...

Podman Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...

LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured...

air-insignes.fr Cross Site Scripting vulnerability OBB-3861029

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-finder A Python3 script to scan the filesystem to find...

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...

Exploit for Deserialization of Untrusted Data in Apache Activemq

honeypot.rs Honeypot that scopes [CVE-2023-46604 (Apache...

Out-of-bounds write in Microsoft.ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,....

Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....

TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via NotificationManager#createNotificationChannel

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Bypass of overlay protection in landscape mode

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...

Permanent denial of service via NotificationManager#addAutomaticZenRule

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Exploit for Allocation of Resources Without Limits or Throttling in Discourse

CVE-2023-38408 PoC for the recent critical vuln affecting...

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

Cleartext Transmission Of Sensitive Information

NASA AIT-Core is vulnerable to Cleartext Transmission of Sensitive Information. The vulnerability is due to using unencrypted channels to exchange data over the network, which allows an attacker to conduct a Man-in-the-Middle...

Denial of service in django

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated...

Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

Denial of service of Minder Server from maliciously crafted GitHub attestations in...

Exploit for Code Injection in Cisco Adaptive Security Appliance Software

CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange...

Denial Of Service (DoS) / Information Disclosure

io.airlift: aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

Exploit for Out-of-bounds Write in Apple Ipad Os

Write up is here:...

air-spb.ucoz.ru Cross Site Scripting vulnerability OBB-3859345

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱 **We demand...

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

Exploit for Out-of-bounds Write in Polkit Project Polkit

pkexec-exploit Local Privilege Escalation in polkit's pkexec...

Allaire/Macromedia JRun Sample Files (HTTP) - Active Check

This host is running the Allaire JRun web server and has sample files...

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863 ```bash # checkout webp git clone...

Exploit for Improper Control of Dynamically-Managed Code Resources in Crushftp

CVE-2023-43177 CrushFTP...

Exploit for Out-of-bounds Write in Polkit Project Polkit

b0VIM...

Index-out-of-bounds in LibRaw::apply_tiff

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55722 Crash type: Index-out-of-bounds Crash state: LibRaw::apply_tiff LibRaw::parse_jpeg...

Index-out-of-bounds in LibRaw::kodak_radc_load_raw

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52139 Crash type: Index-out-of-bounds Crash state: LibRaw::kodak_radc_load_raw LibRaw::unpack...

Use-of-uninitialized-value in QUICVariableInt::size

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69001 Crash type: Use-of-uninitialized-value Crash state: QUICVariableInt::size Http3SettingsFrame::Http3SettingsFrame...

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ_RCE_GUI...

Exploit for Deserialization of Untrusted Data in Apache Log4J

...

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-detect...

Child of b/237288416: [Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in [email protected]]

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...