#ExploitObserverAlert
CVE-2022-4175
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-4175. Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000960000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-1304
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2022-1304. An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-34312
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-34312. In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-22182
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-22182. An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request.
FIRST-EPSS: 0.000620000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2015-1792
DESCRIPTION: Exploit Observer has 46 entries related to CVE-2015-1792. The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
FIRST-EPSS: 0.634140000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-23752
DESCRIPTION: Exploit Observer has 85 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.700360000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4361
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-4361. Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-30547
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-30547. vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
FIRST-EPSS: 0.001020000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-6967
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2015-6967. Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
FIRST-EPSS: 0.039800000
NVD-IS: 6.4
NVD-ES: 8.0
#ExploitObserverAlert
CVE-2023-20198
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2023-20198. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory.
Cisco will provide updates on the status of this investigation and when a software patch is available.
FIRST-EPSS: 0.916150000
NVD-IS: 6.0
NVD-ES: 3.9