JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Security Bulletin: Denial of service and password enumeration might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details ** CVEID: CVE-2023-45288 ...

Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg Template Library & Redux Framework

CVE-2021-38314 Python Exploit Detail The Gutenberg...

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...

Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. (CVE-2023-29267)

Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details ** CVEID: CVE-2023-29267 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as a trap...

CVE-2024-20361

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

Malicious code in totohateinenkleinencock (PyPI)

-= Per source details. Do not edit below this...

Malicious code in pycryptolibary (PyPI)

-= Per source details. Do not edit below this...

Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 . This advisory also provides guidance on what developers can do to update their...

Exploit for Out-of-bounds Write in Live2D Cubism Editor

MOC3ingbird DoS 日本語版：README_JA.md This...

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty shipped with with IBM CICS TX Advanced

Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issue. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...

ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations

The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue() and quoteValueList(), allow users to manually quote values for creating SQL statements; these are in turn consumed...

CVE-2024-20361

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Takes in a ip list and you...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN...

Exploit for Use After Free in Microsoft

POC Recreating CVE 2023-36802 Microsoft Streaming...

Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go

Summary IBM DataPower Gateway is vulnerable to denial of service due to use of Golang Go in DataPower Operator and Prometheus Metrics . (CVE-2024-24783) Vulnerability Details ** CVEID: CVE-2024-24783 DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the...

Malicious code in pythoncolouringliberyv1 (PyPI)

-= Per source details. Do not edit below this...

Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search

Due to an oversized maximum result limit, TYPO3 component Indexed Search is susceptible to a Denial of Service...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...

Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

Denial of service of Minder Server with attacker-controlled REST endpoint in...

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do.....

ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities

In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Standard

Summary Security vulnerabilities may affect IBM WebSphere Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable issue. Vulnerability Details ** CVEID: CVE-2024-22353 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is...

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...

CVE-2023-41805

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

Malicious code in pyfontslibrary (PyPI)

-= Per source details. Do not edit below this...

Malicious code in pipcoloringlibary (PyPI)

-= Per source details. Do not edit below this...

Malicious code in pipcryptographylibraryv2 (PyPI)

-= Per source details. Do not edit below this...

Malicious code in pipcolorlibv3 (PyPI)

-= Per source details. Do not edit below this...

Malicious code in sparkk (PyPI)

-= Per source details. Do not edit below this...

Malicious code in scappy (PyPI)

-= Per source details. Do not edit below this...

Malicious code in chromeselenium (PyPI)

-= Per source details. Do not edit below this...

Important: ipa security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): freeipa: delegation rules allow a proxy service to impersonate any user to access another target...

Important: idm:DL1 security update

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access...

Security Bulletin: PowerSC is vulnerable to security restrictions bypass and denial of service due to Curl

Summary Vulnerabilities in Curl could allow a remote attacker to bypass security restrictions (CVE-2024-2466, CVE-2024-2004, CVE-2024-2379) or cause a denial of service (CVE-2024-2398). PowerSC uses Curl as part of PowerSC Trusted Network Connect (TNC). Vulnerability Details ** CVEID:...

Denial Of Service (DoS)

libfrr.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient handling of NULL return values when calling functions in the get_edge() function within ospf_te.c in the OSPF daemon, resulting in a crash of the daemon and subsequent denial of...

CVE-2024-20293

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...

Malicious code in pyportfoliopt (PyPI)

-= Per source details. Do not edit below this...

Malicious code in clowpy (PyPI)

-= Per source details. Do not edit below this...

Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this...

Denial of Service Vulnerability in Rustls Library

Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...

Denial of Service Vulnerability in Rustls Library

Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...

Mattermost Desktop App Remote Code Execution

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

CVE-2023-32319

Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue....

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...