The Bank Of Tokyo-mitsubishi Ufj, Ltd. Security Vulnerabilities

[Out of Bounds Read in AnalyzeMfcResp in NxpMfcReader.cc in nfc_nci_nxp]

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in deserialize in ExecutionBurstServer.cpp in libneuralnetworks_common_defaults]

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Permanent denial of service via WifiManager#addOrUpdatePasspointConfiguration with invalid PasspointConfiguration.mDecoratedIdentityPrefix

In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Mattermost fails to check whether the "Allow users to view archived channels" setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the "Allow users to view archived channels" setting is...

traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability

The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...

Pre-Auth Takeover of Build Pipelines in GoCD

GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption...

Exploit for Deserialization of Untrusted Data in Apache Activemq

honeypot.rs Honeypot that scopes [CVE-2023-46604 (Apache...

Regular Expression Denial Of Service (ReDoS)

micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...

Denial Of Service (DoS) / Information Disclosure

io.airlift: aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...

Exploit for Out-of-bounds Write in Microsoft

CVE-2022-21882 win32k LPE bypass...

CVE-2024-33000 Missing Authorization check in SAP Bank Account Management

SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the...

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...

Snakeyaml vulnerable to Stack overflow leading to denial of service

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...

Denial Of Service (DoS)

gvisor.dev/gvisor is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper checks for mounts marked as unmounted before propagating, which could lead to a panic. This allows an attacker running as root and with permission to mount volumes to kill the...

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was...

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing...

Exploit for Download of Code Without Integrity Check in Fortinet Fortios

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

CVE-2024-33000 Missing Authorization check in SAP Bank Account Management

SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the...

Exposure Of Sensitive Information To An Unauthorized Actor

Moodle is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to misconfiguration in a shared hosting environment, allowing a user with access to restore workshop modules and direct access to the web server outside of the Moodle webroot to execute a...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality (aka basic shopping cart) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

Summary IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...

Deserialization Of Untrusted Data

illuminate/cookie is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure cookie encryption and serialization logic, which allows attackers to potentially decrypt or manipulate cookie data, resulting in arbitrary code...

Out-of-bounds Read

ibX11.so is vulnerable to Out-of-bounds Read. The vulnerability is due to function _XkbReadKeySyms allocating insufficient memory for the keysym buffer also failure to handle errors returned by _XkbReadBufferCopyKeySyms. This can leads to potential buffer overflow and out-of-bounds memory...

Out-of-bounds Read

grub2 is vulnerable to Out-of-bounds Read. The vulnerability allows an attacker to read arbitrary memory locations, including sensitive data such as cached passwords and EFI variable values, by presenting a specially crafted NTFS filesystem...

Out-of-bounds Read

libxpm is vulnerable to Out-of-bounds Read. The vulnerability is due to insufficient validation, incorrect handling of input data of buffer sizes within XpmCreateXpmImageFromBuffer function. This flaw allows an attacker to trigger an out-of-bounds read error via specially crafted input and read...

Out-of-Bounds Write

grub2 is vulnerable to Out-of-Bounds Write. The vulnerability allows an attacker to execute arbitrary code or bypass secure boot protection by presenting a specially crafted NTFS filesystem...

Out-of-Bounds Write

xwayland is vulnerable to Out-of-Bounds Write. An attacker could exploit this vulnerability by crafting a malicious X11 message that would cause the Xorg X11 server to write data outside of the bounds of a buffer which would allow the attacker to crash the server or escalate...

Out-of-bounds Write

qemu is vulnerable to Out-of-bounds Write. The vulnerability is due to there is no proper bounds checking in the virtio_net_flush_tx function of QEMU's virtio-net device when certain guest features are enabled. This oversight allows for a stack-based buffer overflow, enabling a malicious user to...

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

Exploit for Deserialization of Untrusted Data in Apache Log4J

CloudArmor · Runtime Application Self-Protection Module -...

Unrestricted Upload Of File With Dangerous Type

typo3/cms-core is vulnerable toUnrestricted Upload of File with Dangerous Type. The vulnerability is due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] allowing attackers to upload files like *.phar, *.shtml, *.pl, or *.cgi, which can be executed in certain web.....

CVE-2019-25086

A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...

Azure Storage Movement Client Library Denial of Service Vulnerability

Azure Storage Movement Client Library Denial of Service...

Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel

Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...

Zendframework Denial of Service vector via XEE injection

Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and....

Zendframework Denial of Service vector via XEE injection

Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and....

Unlimited number of NTS-KE connections can crash ntpd-rs server

Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...

[Out of Bounds Write in avdt_scb_hdl_write_req in avdt_scb_act.c in libbt-stack]

In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Write in attp_build_read_by_type_value_cmd in att_protocol.cc in libbt-stack]

In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in dropFramesUntilIframe Function in AAVCAssembler.cpp in libstagefright_rtsp]

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

[Out of Bounds Read in pickStartSeq Function in AAVCAssembler.cpp in libstagefright_rtsp]

In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863 ```bash # checkout webp git clone...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of...

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial of Service (DoS). The vulnerability is due to missing request size limits by the REST ingester when processing responses from remote REST endpoints, which allows an attacker to execute a Denial of Service attack by controlling a remote REST...

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

Out-of-Bounds Read

libxpm.so is vulnerable to Out-of-bounds Read. The vulnerability is due to a boundary condition, allowing a local user to trigger an out of bounds read error and read memory contents from the...

Denial Of Service (DOS)

jwcrypto is vulnerable to Denial Of Service (DoS). The vulnerability is due to a missing upper bound check in the p2c header value (PBES2 count) which contains the PBKDF2 iteration count used in the PBKDF2 cryptographic key derivation function. The unbounded value can be exploited by an attacker...

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege...