#ExploitObserverAlert
CVE-2021-1048
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-1048. In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-1048
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-1048. In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-40870
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2021-40870. An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
FIRST-EPSS: 0.908800000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-40870
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2021-40870. An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
FIRST-EPSS: 0.908800000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-27065
DESCRIPTION: Exploit Observer has 89 entries related to CVE-2021-27065. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.
FIRST-EPSS: 0.969370000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-27065
DESCRIPTION: Exploit Observer has 89 entries related to CVE-2021-27065. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.
FIRST-EPSS: 0.969370000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2014-2817
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2014-2817. Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
FIRST-EPSS: 0.011930000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2014-2817
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2014-2817. Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
FIRST-EPSS: 0.011930000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2017-11826
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-11826. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
FIRST-EPSS: 0.951390000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-11826
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-11826. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
FIRST-EPSS: 0.951390000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-10068
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-10068. An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
FIRST-EPSS: 0.973660000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-10068
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-10068. An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
FIRST-EPSS: 0.973660000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-0156
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-0156. A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
FIRST-EPSS: 0.005100000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2018-0156
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2018-0156. A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
FIRST-EPSS: 0.005100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-41128
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-41128. Windows Scripting Languages Remote Code Execution Vulnerability
FIRST-EPSS: 0.209220000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-41128
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-41128. Windows Scripting Languages Remote Code Execution Vulnerability
FIRST-EPSS: 0.209220000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2014-0196
DESCRIPTION: Exploit Observer has 73 entries related to CVE-2014-0196. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO
CVE-2014-0196
DESCRIPTION: Exploit Observer has 73 entries related to CVE-2014-0196. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO
#ExploitObserverAlert
CVE-2016-5195
DESCRIPTION: Exploit Observer has 561 entries related to CVE-2016-5195. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
FIRST-EPSS: 0.879360000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2016-5195
DESCRIPTION: Exploit Observer has 561 entries related to CVE-2016-5195. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
FIRST-EPSS: 0.879360000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2009-0563
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2009-0563. Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
FIRST-EPSS: 0.863270000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2009-0563
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2009-0563. Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
FIRST-EPSS: 0.863270000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2019-0903
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-0903. A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.041510000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-0903
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-0903. A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.041510000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-0938
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2020-0938. A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
FIRST-EPSS: 0.939960000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-0938
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2020-0938. A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
FIRST-EPSS: 0.939960000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-30190
DESCRIPTION: Exploit Observer has 317 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
FIRST-EPSS: 0.973000000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-30190
DESCRIPTION: Exploit Observer has 317 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
FIRST-EPSS: 0.973000000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-30883
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2021-30883. A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.001940000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-30883
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2021-30883. A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.001940000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2012-2034
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2012-2034. Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
FIRST-EPSS: 0.014240000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2012-2034
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2012-2034. Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
FIRST-EPSS: 0.014240000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-30665
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-30665. A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002910000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-30665
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-30665. A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002910000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-14883
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2020-14883. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.972700000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2020-14883
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2020-14883. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.972700000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2020-12641
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-12641. rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
FIRST-EPSS: 0.076610000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-12641
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-12641. rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
FIRST-EPSS: 0.076610000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-7262
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-7262. Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
FIRST-EPSS: 0.927320000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2016-7262
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2016-7262. Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
FIRST-EPSS: 0.927320000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-9907
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-9907. A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.001880000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-9907
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-9907. A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.001880000
NVD-IS: 5.9
NVD-ES: 1.8