JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via NotificationManager#createNotificationChannel

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Potential OOB Read in attp_build_value_cmd() of att_protocol.cc

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via PackageManager#setMimeGroup

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

Exploit for Out-of-bounds Read in Adobe Bridge

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

Drupal Brute force amplification attacks via XML-RPC

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same...

Out of bounds read in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DOS) via a crafted web...

Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms

CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS...

YARP Denial of Service Vulnerability

Impact A denial of service vulnerability exists in YARP. Patches If you're using YARP 1.x, you should update to NuGet package version 1.1.2. If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1. You can do so by updating the PackageReference in your .csproj file diff...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

YARP Denial of Service Vulnerability

Impact A denial of service vulnerability exists in YARP. Patches If you're using YARP 1.x, you should update to NuGet package version 1.1.2. If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1. You can do so by updating the PackageReference in your .csproj file diff...

.NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

Use-of-uninitialized-value in complexity_RC_reset_marking

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57398 Crash type: Use-of-uninitialized-value Crash state: complexity_RC_reset_marking ihevce_pre_enc_process_frame_thrd...

Denial Of Service (DoS)

.NET and ASP.NET are vulnerable to Denial Of Service (DoS). The vulnerability exists in the Kestrel web server, which allows an attacker to bypass the QUIC stream limit in HTTP/3, resulting in an application...

Denial Of Service (DoS)

ASP.NET Core is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker cancels a HTTP requests made to ASP.NET Core running on an IIS In Process hosting model, which may cause an increase in thread counts, potentially leading to an OutOfMemoryException, which results in...

.netrc parser out-of-bounds access

curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

Keepass-Dumper This is my PoC implementation for...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228 Abuse Log4J CVE-2021-44228 to patch...

CVE-2016-2427

The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...

Child of b/237288416: [Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in [email protected]]

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Exploit for Deserialization of Untrusted Data in Microsoft

nse-exchange Nmap NSE scripts to check against exchange...

Use-of-uninitialized-value in ihevce_strm_fill_done

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57401 Crash type: Use-of-uninitialized-value Crash state: ihevce_strm_fill_done ihevce_ent_coding_thrd...

Mattermost vulnerable to denial of service via large number of emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

Exploit for Out-of-bounds Write in Linux Linux Kernel

Linux_LPE_eBPF_CVE-2021-3490 LPE exploit for CVE-2021-3490....

Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform

CVE-2021-35215 SolarWinds Orion Platform ActionPluginBaseView...

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit-Exploit CVE-2021-4034 ...

Denial of Service in TenderMint

Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a misconfiguration to reuse chainIDs.) Correct.....

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

Keycloak Denial of Service via account lockout

In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof...

Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K

Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...

By-passing Protection of PharStreamWrapper Interceptor

Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

Use-of-uninitialized-value in do_callout_jit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68365 Crash type: Use-of-uninitialized-value Crash state: do_callout_jit...

Use-of-uninitialized-value in ihevce_enc_frm_proc_slave_thrd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57397 Crash type: Use-of-uninitialized-value Crash state: ihevce_enc_frm_proc_slave_thrd osal_func...

Exploit for Allocation of Resources Without Limits or Throttling in Discourse

CVE-2023-38408 PoC for the recent critical vuln affecting...

Denial of service while parsing a tar file due to lack of folders count validation

Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....

Task hijacking of apps that set allowTaskReparenting="true"

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Exploit for Out-of-bounds Write in Google Chrome

libwebp CVE-2023-4863 [A Vulnerability...

Moodle CSRF risks due to misuse of confirm_sesskey

Incorrect CSRF token checks resulted in multiple CSRF...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 centos8可用版本...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432...

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS)...

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 This Repo contain the pcakages and...