JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Exploit for Code Injection in Cisco Adaptive Security Appliance Software

CVE-2024-20359-CiscoASA-FTD-exploit Exploit for Cisco ASA and...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Exploit Overview This repository contains...

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...

[Out of Bounds Write in BTM_BlePeriodicSyncSetInfo in btm_ble_gap.cc in libbt-stack]

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in pin_reply Function in bluetooth.cc in Bluetooth]

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for...

[oob write due to invaild length check in Mfc_Transceive() of libnfc_nci_jni.so]

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in extract3GPPGlobalDescriptions Function in TextDescriptions.cpp in libstagefright_timedtext]

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in updateAudioTrackInfoFromESDS_MPEG4Audio Function in MPEG4Extractor.cpp in libmp4extractor]

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to a Denial of Service.

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...

Apache ActiveMQ Deserialization of Untrusted Data vulnerability

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

Aimeos denial of service vulnerability in SaaS and marketplace setups

Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core...

Aimeos denial of service vulnerability in SaaS and marketplace setups

Impact All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack Patches Upgrade to the latest 2022.10 LTS, 2023.10 LTS and 2024.04.7 version of the aimeos/aimeos-core...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Vulnerability Scanner for CVE-2024-24919 (need Shodan API)...

China Suspected in Major Cyberattack on UK’s Ministry of Defence (MoD)

By Waqas UK Ministry of Defence (MoD) faces potential Chinese cyberattack. Learn more about the details of the alleged attack, China's role in cyberspace, potential consequences, and the importance of international cooperation in cybersecurity. This is a post from HackRead.com Read the original...

CVE-2024-20361

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

[Crafted HFP Client Packet Causes Out-of-bounds Write in Bluetooth]

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

Improper Restriction of Excessive Authentication Attempts in...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this....

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

Displaying photos of other users via a notification with RemoteViews.setIcon/4

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in avdt_scb_hdl_pkt_no_frag Function in avdt_scb_act.cc in Bluetooth]

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Registering BroadcastReceiver as another app through IApplicationThread of isolated external service

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

[Out of Bounds Write in bta_av_rc_disc_done Function in bta_av_act.cc in Bluetooth]

In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Regression] Uninstalling of packages by DPC does not work in T

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in process_service_search_rsp Function in sdp_discoverty.cc in Bluetooth]

In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-POC Read about it -...

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Vmware Aria Operations For Networks

CVE-2023-34039 POC for CVE-2023-34039 VMWare Aria Operations...

apko Exposure of HTTP basic auth credentials in log output

Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: The%s verb was.....

Generation of Error Message Containing Sensitive Information in zsa

Impact All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit...

Generation of Error Message Containing Sensitive Information in zsa

Impact All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit...

Temporal Server Denial of Service in go.temporal.io/server

Temporal Server Denial of Service in...

zfr authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Bulk Scanner CVE-2024-24919 [Check Point...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

...

Exploit for Improper Validation of Specified Quantity in Input in Cisco Rv340 Firmware

CVE-2022-20699 🎧...

TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

[Crafted HFP Client Packet Causes Out-of-bounds Read in Bluetooth]

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for...

DoS (Denial of Service) okio in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability is included in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, and 8.14.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

moby docker daemon crash during image pull of malicious image

Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

MS-MSDT-Office-RCE-Follina CVE-2022-30190 | MS-MSDT Follina...

CVE-2024-20359

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...

PyMongo Out-of-bounds Read in the bson module

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Name: CVE-2024-24919 Scanner Author:...

Minder affected by denial of service from maliciously configured Git repository

Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...

TYPO3 Disclosure of Information about Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

RHEL 8 : nodejs-kind-of (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes ...