#ExploitObserverAlert
CVE-2017-6743
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2017-6743. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027.
FIRST-EPSS: 0.007960000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2017-6743
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2017-6743. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027.
FIRST-EPSS: 0.007960000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-0604
DESCRIPTION: Exploit Observer has 51 entries related to CVE-2019-0604. A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
FIRST-EPSS: 0.971750000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-0604
DESCRIPTION: Exploit Observer has 51 entries related to CVE-2019-0604. A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
FIRST-EPSS: 0.971750000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2013-1690
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2013-1690. Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
FIRST-EPSS: 0.063970000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2013-1690
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2013-1690. Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
FIRST-EPSS: 0.063970000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2015-2419
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2015-2419. JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
FIRST-EPSS: 0.971560000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2015-2419
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2015-2419. JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
FIRST-EPSS: 0.971560000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2018-13383
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-13383. A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
FIRST-EPSS: 0.008170000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2018-13383
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-13383. A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.
FIRST-EPSS: 0.008170000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-14667
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2018-14667. The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
FIRST-EPSS: 0.820930000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-14667
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2018-14667. The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
FIRST-EPSS: 0.820930000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2009-0927
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2009-0927. Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
FIRST-EPSS: 0.974720000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2009-0927
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2009-0927. Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
FIRST-EPSS: 0.974720000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2016-4117
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2016-4117. Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
FIRST-EPSS: 0.957250000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-4117
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2016-4117. Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
FIRST-EPSS: 0.957250000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2015-2546
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2015-2546. The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.
FIRST-EPSS: 0.000910000
NVD-IS: 10.0
NVD-ES: 3.4
CVE-2015-2546
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2015-2546. The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.
FIRST-EPSS: 0.000910000
NVD-IS: 10.0
NVD-ES: 3.4
#ExploitObserverAlert
CVE-2007-5659
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2007-5659. Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
FIRST-EPSS: 0.972320000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2007-5659
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2007-5659. Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
FIRST-EPSS: 0.972320000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2023-22518
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2023-22518. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.967630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-22518
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2023-22518. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.967630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-30666
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30666. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.003490000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-30666
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30666. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.003490000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-21715
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21715. Microsoft Publisher Security Features Bypass Vulnerability
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 1.3
CVE-2023-21715
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-21715. Microsoft Publisher Security Features Bypass Vulnerability
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 1.3
#ExploitObserverAlert
CVE-2022-47966
DESCRIPTION: Exploit Observer has 48 entries related to CVE-2022-47966. Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
FIRST-EPSS: 0.970510000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-47966
DESCRIPTION: Exploit Observer has 48 entries related to CVE-2022-47966. Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
FIRST-EPSS: 0.970510000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-16651
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2017-16651. Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings
CVE-2017-16651
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2017-16651. Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings
#ExploitObserverAlert
CVE-2018-4990
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2018-4990. Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
FIRST-EPSS: 0.043290000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2018-4990
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2018-4990. Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
FIRST-EPSS: 0.043290000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2013-0422
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2013-0422. Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
FIRST-EPSS: 0.974350000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2013-0422
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2013-0422. Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
FIRST-EPSS: 0.974350000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-21919
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-21919. Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895.
FIRST-EPSS: 0.002000000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2022-21919
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-21919. Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895.
FIRST-EPSS: 0.002000000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2016-3643
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2016-3643. SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
FIRST-EPSS: 0.001230000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2016-3643
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2016-3643. SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
FIRST-EPSS: 0.001230000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-0543
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2022-0543. It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
FIRST-EPSS: 0.971030000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2022-0543
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2022-0543. It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
FIRST-EPSS: 0.971030000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-7600
DESCRIPTION: Exploit Observer has 253 entries related to CVE-2018-7600. Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
FIRST-EPSS: 0.975600000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-7600
DESCRIPTION: Exploit Observer has 253 entries related to CVE-2018-7600. Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
FIRST-EPSS: 0.975600000
NVD-IS: 5.9
NVD-ES: 3.9