The Bank Of Tokyo-mitsubishi Ufj, Ltd. Security Vulnerabilities

veracode

Denial Of Service (DoS)

nodejs is vulnerable to Denial Of Service (DoS). The vulnerability exists when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API. An unexpected termination occurs, making it susceptible to Denial of Service (DoS) attacks. In this scenario, an...

5.3CVSS

6.8AI Score

0.001EPSS

2023-11-29 05:49 AM
13
veracode

Denial Of Service (DoS)

Apache Avro is vulnerable to Buffer Overflow. The vulnerability is due to improper handling of deserialization when processing untrusted or corrupted data. This can result in a reader consuming memory beyond the allowed constraints, potentially leading to an out-of-memory condition on the...

7.5CVSS

6.5AI Score

0.008EPSS

2023-10-05 06:04 AM
1
veracode

Denial Of Service (DoS)

Magick is vulnerable to Denial of Service (DoS) attacks. Applications using the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() methods to check a DH key or DH parameters may encounter lengthy delays. If the key or parameters being verified have come from an unreliable source, this might...

5.3CVSS

6.8AI Score

0.002EPSS

2023-08-06 07:40 AM
21
veracode

Denial Of Service (DoS)

org.eclipse.jetty is vulnerable to Denial Of Service (DoS). The vulnerability arises from the library's failure to appropriately limit the size in HPACK header values. This allows an attacker to repeatedly send maliciously crafted HTTP messages, leading to an integer overflow and ultimately...

7.5CVSS

7AI Score

0.004EPSS

2023-10-12 05:13 AM
21
veracode

Improper Preservation Of Permissions

github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NO_PERMISSION response when the user should have...

3.7CVSS

7AI Score

0.0004EPSS

2024-06-21 05:36 AM
veracode

Denial Of Service

rack is vulnerable to Denial of Service. The vulnerability is due to header parsing routines being susceptible to carefully crafted headers, which can cause the parsing process to take longer than expected, leading to a possible denial of service issue. This specifically impacts the Accept and...

5.3CVSS

6.5AI Score

0.0004EPSS

2024-02-29 05:37 AM
12
veracode

Out-Of-Bounds

chromium is vulnerable to Out-Of-Bounds. The vulnerability is due to improper handling of specific UI gestures via a crafted HTML page, potentially allowing a remote attacker to exploit heap...

5.9AI Score

0.0004EPSS

2024-06-03 04:51 PM
1
veracode

Denial Of Service (DoS)

ws is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of the Upgrade header when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold, causing incomingMessage.headers.upgrade to not be set. Attackers can use...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-19 06:39 AM
5
veracode

Denial Of Service

dnsmasq is vulnerable to Denial of Service. The vulnerability is due to the KeyTrap issue: when dealing with a zone that contains numerous DNSKEY (DNS Key) and RRSIG (Resource Record Signature) records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG....

7.5CVSS

6.6AI Score

0.05EPSS

2024-02-18 06:35 AM
17
veracode

Denial Of Service (DoS)

socket.io is vulnerable to Denial Of Service (DoS). The vulnerability is due to a specially crafted Socket.IO packet triggering an uncaught exception, which kills the Node.js process, allowing an attacker to crash the server by sending a malicious...

7.3CVSS

6.6AI Score

0.0004EPSS

2024-06-20 05:58 AM
2
veracode

Denial Of Service (DoS)

org.apache.tomcat, tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling when processing an HTTP/2 request that exceeds any of the configured limits for headers, leading to the associated HTTP/2 stream not being reset until after all of the...

6.6AI Score

0.0004EPSS

2024-03-16 08:57 PM
9
veracode

Out-of-bounds Read

pymongo is vulnerable to Out-of-bounds Read. The vulnerability is due to improper validation of encoded BSON data during the deserialization process, which allows an attacker to submit a crafted payload resulting in an out-of-bounds...

8.1CVSS

6.7AI Score

0.001EPSS

2024-04-08 04:56 AM
10
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of untrusted data in the _load_model_from_local_file function within sklearn/__init__.py. The vulnerability allows an attacker to inject a malicious pickle object into a model file on...

8.8CVSS

7.3AI Score

0.0004EPSS

2024-06-17 04:59 AM
1
veracode

Denial Of Service (DoS)

galera-4 is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to cause MariaDB to crash by sending a specially crafted OpenVAS port scan to ports 3306 and 4567. The impact of this vulnerability is high, as it could be exploited by attackers to disrupt the availability of....

7.5CVSS

6.7AI Score

0.001EPSS

2023-10-08 08:11 AM
6
veracode

Denial Of Service (DoS)

io.netty:netty-handler is vulnerable to Denial of Service (DoS) attacks. During TLS handshakes, the SniHandler class can allocate up to 16MB of heap for each channel. The SniHandler is used to establish a TCP server when the handler or channel has no idle timeout. In order to configure an SSL...

6.5CVSS

6.6AI Score

0.001EPSS

2023-06-27 07:44 AM
14
cgr

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: kots, cert-manager-fips, tekton-pipelines, bank-vaults-fips, grpc-health-probe, istio-fips, cosign, cilium, goreleaser, step, ko-fips, istio-pilot-agent, falco, oauth2-proxy, rabbitmq-messaging-topology-operator, spire-server, sigstore-scaffolding, argo-cd,...

4.6AI Score

0.0005EPSS

2024-05-19 03:07 AM
17
cgr

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: kots, cert-manager-fips, tekton-pipelines, bank-vaults-fips, grpc-health-probe, istio-fips, cosign, cilium, goreleaser, step, ko-fips, istio-pilot-agent, falco, oauth2-proxy, rabbitmq-messaging-topology-operator, spire-server, sigstore-scaffolding, argo-cd,...

7.3AI Score

2024-05-19 03:07 AM
10
veracode

Denial Of Service (DoS)

io.undertow:undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-21 06:40 AM
2
veracode

Deserialization Of Untrusted Data

joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the read_array() function within numpy_pickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted...

7.6AI Score

0.0004EPSS

2024-05-22 06:12 AM
7
veracode

Denial Of Service (DoS)

NPTD is vulnerable to Denial Of Service (DoS). The vulnerability arises when the server is not NTS-enabled (no certificate): an attacker can submit an NTS-enabled client request, resulting in a server...

7.5CVSS

6.7AI Score

0.0005EPSS

2023-08-06 11:09 AM
5
githubexploit

Exploit for Out-of-bounds Write in Microsoft

Since February 2022 was reported a new ransomware that appears...

7.8CVSS

8.6AI Score

0.026EPSS

2023-06-27 12:22 PM
82
githubexploit

Exploit for Out-of-bounds Write in Microsoft

cve-2022-21882-poc lpe...

7.8CVSS

7.9AI Score

0.001EPSS

2022-02-07 03:45 AM
727
veracode

Denial Of Service (DoS)

microsoft.azure.storage.datamovement is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of requests, which can lead to excessive resource...

7.5CVSS

7.9AI Score

0.001EPSS

2024-06-13 10:20 AM
3
veracode

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of input validation within the Clone() method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits,...

5.7CVSS

6.6AI Score

0.0004EPSS

2024-06-19 05:22 AM
1
veracode

Denial Of Service

dnsmasq is vulnerable to Denial Of Service. The attacker can exploit this vulnerability by sending crafted DNSSEC responses to the target system, causing it to consume excessive CPU...

6.5AI Score

0.0005EPSS

2024-02-15 02:59 AM
10
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization in the function _load_model_from_local_file within sklearn/__init__.py. An attacker can inject a malicious pickle object into a model file on upload, which will be deserialized resulting in...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-06-17 06:19 AM
1
veracode

Denial Of Service (DoS)

github.com/osrg/gobgp/ is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper memory management which results in an application crash due to the handlingError function in...

6.8AI Score

0.0004EPSS

2024-04-30 07:37 AM
4
nessus

Mitsubishi Electric Automation MC-WorX Suite Detection

Mitsubishi Electric Automation MC-WorX, a suite of software modules for data visualization and SCADA applications, is installed on the remote Windows...

2.4AI Score

2014-02-25 12:00 AM
11
githubexploit

Exploit for Out-of-bounds Read in Microsoft

Information ============== Windows Kernel Pool (clfs.sys)...

7.8CVSS

6.8AI Score

0.002EPSS

2024-03-21 09:39 PM
59
nessus

Mitsubishi MX Component ActiveX Remote Code Execution

The Mitsubishi MX Component v3 'ActUWzd.dll' ActiveX control was found on the remote host. This control has several methods that are vulnerable to a heap-based buffer overflow. A remote attacker may be able to execute arbitrary code by tricking a victim into opening a specially crafted web...

4.2AI Score

2013-06-03 12:00 AM
16
veracode

Denial Of Service (DoS)

ch.qos.logback:logback-classic is vulnerable to Denial Of Service (DoS). The vulnerability is due to the readObject() method in the LoggingEventVO class which fails to check the length of an argument array during deserialization. An attacker could send crafted data, resulting in Denial of Service.....

7.5CVSS

6.5AI Score

0.0005EPSS

2024-06-14 04:52 PM
3
osv

Investigate Security Vulnerability of getPhysicalDisplayToken

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
5
githubexploit

Exploit for Out-of-bounds Write in Microsoft

Compiled PoC Binary For CVE-2023-28252 The repo contains...

7.8CVSS

8.9AI Score

0.026EPSS

2024-01-01 03:30 PM
230
veracode

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of user-supplied data in sklearn/__init__.py within the _load_model_from_local_file function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:11 AM
veracode

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to Denial of Service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows an attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

7AI Score

2024-06-14 08:49 AM
1
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to a lack of proper input validation during the pickle deserialization process within the BaseCard.load() function in the recipes/cards/__init__.py file. This vulnerability allows an attacker to execute arbitrary...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 07:29 AM
1
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of serialized data in the _load_pyfunc function within mlflow/pyfunc/model.py. This flaw allows an attacker to inject a malicious pickle object into a PyFunc model file, which results in....

8.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 06:27 AM
githubexploit

Exploit for Access of Uninitialized Pointer in Microsoft

CVE-2022-21971: Uninitialized pointer free in prauthproviders...

7.8CVSS

8AI Score

0.193EPSS

2022-02-26 08:37 PM
642
veracode

Denial Of Service (DoS)

TYPO3 is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of anonymous user sessions in the built-in record registration functionality using recs URL parameters, allowing attackers to create an arbitrary amount of individual session-data records in the...

7.1AI Score

2024-06-14 12:44 PM
veracode

Denial Of Service (DoS)

Bouncy Castle is vulnerable to an infinite loop. The vulnerability is due to insufficient verification of signatures and public keys during Ed25519 verification, allowing attackers to trigger a denial of service (DoS) due to the infinite...

6.3AI Score

0.0004EPSS

2024-04-25 03:54 PM
12
osv

EoP in shouldAbortBackgroundActivityStart of ActivityStarter.java

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

6.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
8
osv

Mattermost vulnerable to denial of service via large number of emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

4.3CVSS

4.3AI Score

0.0005EPSS

2024-02-09 06:31 PM
6
veracode

Denial Of Service (DoS)

org.springframework:spring-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service (DoS). As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability.....

7.5CVSS

6.6AI Score

0.0005EPSS

2024-01-24 10:21 AM
8
veracode

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper corruption checks which causes the lookup function to get stuck in an infinite loop, which allows an attacker to cause Denial of Service (DoS) by submitting a malformed DNS...

6.8AI Score

0.0004EPSS

2024-05-09 06:08 AM
4
githubexploit

Exploit for Out-of-bounds Write in Microsoft

Since February 2022 was reported a new ransomware that appears...

7.8CVSS

8.6AI Score

0.026EPSS

2023-06-27 12:22 PM
37
cve

CVE-2023-1964

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to SQL injection. It is possible to launch the attack....

9.1CVSS

9.4AI Score

0.002EPSS

2023-04-09 09:15 AM
85
2
githubexploit

8.8CVSS

9.1AI Score

0.575EPSS

2023-06-30 10:15 AM
119
githubexploit

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat Dc

CVE-2021-45067 This bug was Out of Bounds Read caused by...

5.5CVSS

2.2AI Score

0.004EPSS

2022-10-13 04:42 PM
465
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2023-36745 Microsoft Exchange Server...

8CVSS

7.8AI Score

0.001EPSS

2023-10-23 07:06 PM
167
github

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do.....

7.5CVSS

6.6AI Score

0.007EPSS

2023-08-09 12:56 PM
253
Total number of security vulnerabilities: 2341598