JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Index-out-of-bounds in LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51965 Crash type: Index-out-of-bounds Crash state: LibRaw::ahd_interpolate_r_and_b_in_rgb_and_convert_to_cielab LibRaw::ahd_interpolate...

Child of b/237288416: [Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in [email protected]]

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-detect...

Exploit for Deserialization of Untrusted Data in Apache Log4J

POC for CVE-2021-44228 This python script was created while...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Northwave Log4j CVE-2021-44228 checker Friday 10 December...

Exploit for Out-of-bounds Write in Haxx Libcurl

🇮🇱 **#BringThemHome...

Exploit for Out-of-bounds Write in Polkit Project Polkit

██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗ ██╔══██...

Out-of-bounds Memory Access

xwayland is vulnerable to an out-of-bounds memory access flaw. The vulnerability is due to improper handling of devices reattachment scenarios, specifically when a device frozen by a sync grab is reattached to a different master...

K12201527: Overview of Quarterly Security Notifications

Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published in advance so customers can schedule necessary updates in advance of the public disclosure date. When.....

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of...

Denial of service of Minder Server with attacker-controlled REST endpoint

The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends.....

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4NoShell A Java Agent that disables Apache Log4J's JNDI...

Denial Of Service (DoS)

libtiff.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to the TIFFRasterScanlineSize64 function returning excessively small or large sizes for certain TIFF inputs. This flaw allows a remote attacker to cause a Denial Of Service (DoS) via a crafted input with a size smaller...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228_scanner Applications that are vulnerable to...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4NoShell A Java Agent that disables Apache Log4J's JNDI...

Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel

Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...

Denial Of Service (DOS)

github.com/sajari/docconv is vulnerable to Denial Of Service (DOS). The vulnerability exists in multiple functions because manipulation with an unknown input leads to a memory allocation when reading files from a ZIP...

Denial Of Service (DoS)

com.github.seancfoley: ipaddress is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing checks for a radix value of 2 or greater when the radix value is passed as an argument to the IPAddressBitsDivision constructor. The IPAddressBitsDivision constructor internally calls the....

Denial Of Service (DoS)

Drupal is vulnerable to Denial of Service (DoS). The vulnerability is caused due to improper handling of structural elements, which can result in Denial of...

Denial Of Service (DoS)

Craft CMS is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper input validation within the Feed-Me Name and Feed-Me URL fields while saving a feed using an Asset element type with no volume selected. This issue can be exploited by an attacker to perform a...

Exploit for Download of Code Without Integrity Check in Fortinet Fortios

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Nmap Log4Shell NSE script for discovery Apache Log4j RCE...

Denial Of Service (DoS)

libopencv_contrib.so is vulnerable to Denial of Service (DoS). A null pointer dereference in the wechat_qrcode module allows a remote attacker to crash affected applications by sending a specially crafted QR code. The vulnerability exists in DecodedBitStreamParser::decodeByteSegment function of...

Exploit for Exposure of Resource to Wrong Sphere in Microsoft

Blank Space Blank Space is a refactoring of James Forshaw's...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4NoShell A Java Agent that disables Apache Log4J's JNDI...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4NoShell A Java Agent that disables Apache Log4J's JNDI...

Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware

easy-exploits The current repository contains exploits of...

Exposure Of Sensitive Information

github.com/openshift/cluster-monitoring-operator is vulnerable to Exposure of Sensitive Information. The vulnerability is due to an annotation in the telemeter-client pod in the openshift-monitoring namespace that contains the cluster's pull secret, which can be accessed by users with sufficient...

Denial Of Service (DoS)

Bouncy Castle is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of F2m parameters, allowing an attacker to craft a certificate that causes high CPU usage during the evaluation of the curve...

Use-of-uninitialized-value in aesEncryptBlock

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67066 Crash type: Use-of-uninitialized-value Crash state: aesEncryptBlock EncryptStream::lookChar...

Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel

Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...

Unrestricted Upload Of File With Dangerous Type

typo3/cms-core is vulnerable toUnrestricted Upload of File with Dangerous Type. The vulnerability is due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] allowing attackers to upload files like *.phar, *.shtml, *.pl, or *.cgi, which can be executed in certain web.....

Denial Of Service (DoS)

org.mvel: mvel2 is vulnerable to Denial Of Service (DoS). The vulnerability is due to the ParseTools.subCompileExpression method which times or executes for an indefinite time when parsing a crafted MVFLEX Expression (MVEL). A malicious user can craft an MVEL expression and pass to the...

Denial Of Services (DoS)

Libopencv_contrib.so is vulnerable to Denial of Service (DoS). This vulnerability exists due to a lack of proper buffer cleanup during an error in the DecodedBitStreamParser function of decoded_bit_stream_parser.cpp', which allows an attacker to cause an application crash when scanning a QR...

Denial Of Service (DoS)

mindspore is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash due to a memory corruption due to the function JsonHelper::UpdateArray in the file...

Denial Of Service (DoS)

github.com/etcd-io/etcd is vulnerable to Denial of Service (DoS) attacks.. The vulnerability exists because the PageWriter.write function does not properly handle large requests, which an attacker to exploit this vulnerability by sending a specially crafted request that is larger than the expected....

Deserialization Of Untrusted Data

Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code...

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

Exploit for Cleartext Storage of Sensitive Information in Keepass

CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at...

Denial Of Service (DoS)

gnutls is vulnerable to Denial of Service(DoS). The vulnerability is due to excessive resource consumption caused by the "certtool --verify-chain" command when verifying a specially crafted .pem bundle, leading to an application...

Impact of TunnelVision Vulnerability

The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...

Task hijacking of apps that set allowTaskReparenting="true"

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Talkback reads notifications of non-current Android user

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

[Out of Bounds Read in WT_VoiceGain in eas_wtengine.c]

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

Local persistent denial of service when setting PackageManager.GET_SIGNATURES

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Can access comments and attachments of deleted cards

Description Impact A user with access to a deck board was able to access comments and attachments of already deleted cards. Patches It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1 Workarounds Disable Deck app References HackerOne...

Exploit for Out-of-bounds Write in Gnu Glibc

CVE-2023-4911 - Looney Tunables This is a (atm very rough)...

Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...