#ExploitObserverAlert
CVE-2017-8570
DESCRIPTION: Exploit Observer has 97 entries related to CVE-2017-8570. Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
FIRST-EPSS: 0.973390000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-8570
DESCRIPTION: Exploit Observer has 97 entries related to CVE-2017-8570. Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
FIRST-EPSS: 0.973390000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-7304
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2019-7304. Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
FIRST-EPSS: 0.367820000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-7304
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2019-7304. Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
FIRST-EPSS: 0.367820000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-3153
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2020-3153. A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
FIRST-EPSS: 0.000830000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2020-3153
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2020-3153. A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
FIRST-EPSS: 0.000830000
NVD-IS: 4.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2021-21224
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2021-21224. Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
FIRST-EPSS: 0.736520000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-21224
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2021-21224. Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
FIRST-EPSS: 0.736520000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-22893
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2021-22893. Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
FIRST-EPSS: 0.967980000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-22893
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2021-22893. Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
FIRST-EPSS: 0.967980000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-1000486
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-1000486. Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
FIRST-EPSS: 0.968470000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-1000486
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-1000486. Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
FIRST-EPSS: 0.968470000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-15949
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-15949. Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
FIRST-EPSS: 0.519440000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-15949
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-15949. Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
FIRST-EPSS: 0.519440000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-2051
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2015-2051. The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
FIRST-EPSS: 0.971600000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2015-2051
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2015-2051. The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
FIRST-EPSS: 0.971600000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-41357
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-41357. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.005580000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-41357
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-41357. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.005580000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-41993
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-41993. The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
FIRST-EPSS: 0.006170000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-41993
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-41993. The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
FIRST-EPSS: 0.006170000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-3298
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2016-3298. Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
FIRST-EPSS: 0.958730000
NVD-IS: 3.6
NVD-ES: 1.6
CVE-2016-3298
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2016-3298. Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
FIRST-EPSS: 0.958730000
NVD-IS: 3.6
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2021-21985
DESCRIPTION: Exploit Observer has 63 entries related to CVE-2021-21985. The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
FIRST-EPSS: 0.973100000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-21985
DESCRIPTION: Exploit Observer has 63 entries related to CVE-2021-21985. The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
FIRST-EPSS: 0.973100000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32409
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32409. The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.008510000
NVD-IS: 4.0
NVD-ES: 3.9
CVE-2023-32409
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32409. The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.008510000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-15811
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-15811. DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
FIRST-EPSS: 0.043250000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2018-15811
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2018-15811. DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
FIRST-EPSS: 0.043250000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-20700
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-20700. Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.004840000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-20700
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-20700. Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
FIRST-EPSS: 0.004840000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-1938
DESCRIPTION: Exploit Observer has 241 entries related to CVE-2020-1938. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
FIRST-EPSS: 0.974830000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-1938
DESCRIPTION: Exploit Observer has 241 entries related to CVE-2020-1938. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
FIRST-EPSS: 0.974830000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-4902
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2015-4902. Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
FIRST-EPSS: 0.008610000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2015-4902
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2015-4902. Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
FIRST-EPSS: 0.008610000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2018-19953
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-19953. If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
FIRST-EPSS: 0.003790000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2018-19953
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2018-19953. If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
FIRST-EPSS: 0.003790000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-23134
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23134. After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
FIRST-EPSS: 0.202480000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2022-23134
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23134. After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
FIRST-EPSS: 0.202480000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-7855
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2016-7855. Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
FIRST-EPSS: 0.086750000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2016-7855
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2016-7855. Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
FIRST-EPSS: 0.086750000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2010-3904
DESCRIPTION: Exploit Observer has 111 entries related to CVE-2010-3904. The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
FIRST-EPSS: 0.000880000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2010-3904
DESCRIPTION: Exploit Observer has 111 entries related to CVE-2010-3904. The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
FIRST-EPSS: 0.000880000
NVD-IS: 10.0
NVD-ES: 3.9