#ExploitObserverAlert
CVE-2019-8506
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-8506. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
FIRST-EPSS: 0.074720000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-8506
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-8506. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
FIRST-EPSS: 0.074720000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-36260
DESCRIPTION: Exploit Observer has 59 entries related to CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
FIRST-EPSS: 0.975060000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-36260
DESCRIPTION: Exploit Observer has 59 entries related to CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
FIRST-EPSS: 0.975060000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28205
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-28205. A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-28205
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-28205. A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2009-3960
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2009-3960. Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
FIRST-EPSS: 0.969230000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2009-3960
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2009-3960. Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
FIRST-EPSS: 0.969230000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2013-2251
DESCRIPTION: Exploit Observer has 69 entries related to CVE-2013-2251. Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
FIRST-EPSS: 0.974320000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2013-2251
DESCRIPTION: Exploit Observer has 69 entries related to CVE-2013-2251. Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
FIRST-EPSS: 0.974320000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2017-6742
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-6742. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313.
FIRST-EPSS: 0.006270000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2017-6742
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-6742. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313.
FIRST-EPSS: 0.006270000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-15999
DESCRIPTION: Exploit Observer has 31 entries related to CVE-2020-15999. Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.052940000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-15999
DESCRIPTION: Exploit Observer has 31 entries related to CVE-2020-15999. Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.052940000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-4427
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-4427. IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
FIRST-EPSS: 0.009980000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-4427
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-4427. IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
FIRST-EPSS: 0.009980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2013-0625
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2013-0625. Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
FIRST-EPSS: 0.861850000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2013-0625
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2013-0625. Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
FIRST-EPSS: 0.861850000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2016-3718
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2016-3718. The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
FIRST-EPSS: 0.933330000
NVD-IS: 4.0
NVD-ES: 1.8
CVE-2016-3718
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2016-3718. The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
FIRST-EPSS: 0.933330000
NVD-IS: 4.0
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2015-1641
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2015-1641. Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
FIRST-EPSS: 0.966140000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2015-1641
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2015-1641. Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
FIRST-EPSS: 0.966140000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-32648
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-32648. octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
FIRST-EPSS: 0.020640000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2021-32648
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-32648. octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
FIRST-EPSS: 0.020640000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2012-1710
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2012-1710. Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.
FIRST-EPSS: 0.948490000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-2012-1710
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2012-1710. Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.
FIRST-EPSS: 0.948490000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-38181
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-38181. The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
FIRST-EPSS: 0.206330000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-38181
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-38181. The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
FIRST-EPSS: 0.206330000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-22005
DESCRIPTION: Exploit Observer has 68 entries related to CVE-2021-22005. The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
FIRST-EPSS: 0.970530000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-22005
DESCRIPTION: Exploit Observer has 68 entries related to CVE-2021-22005. The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
FIRST-EPSS: 0.970530000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-7494
DESCRIPTION: Exploit Observer has 273 entries related to CVE-2017-7494. Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-7494
DESCRIPTION: Exploit Observer has 273 entries related to CVE-2017-7494. Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-9377
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-9377. D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
FIRST-EPSS: 0.971100000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-9377
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-9377. D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
FIRST-EPSS: 0.971100000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-3113
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2015-3113. Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
FIRST-EPSS: 0.961580000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2015-3113
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2015-3113. Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
FIRST-EPSS: 0.961580000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-21206
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-21206. Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.055800000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-21206
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-21206. Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.055800000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-29552
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-29552. The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
FIRST-EPSS: 0.043370000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-29552
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-29552. The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
FIRST-EPSS: 0.043370000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-7200
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2016-7200. The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
FIRST-EPSS: 0.966450000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2016-7200
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2016-7200. The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
FIRST-EPSS: 0.966450000
NVD-IS: 5.9
NVD-ES: 1.6