#ExploitObserverAlert
CVE-2022-24086
DESCRIPTION: Exploit Observer has 32 entries related to CVE-2022-24086. Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
FIRST-EPSS: 0.264450000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-24086
DESCRIPTION: Exploit Observer has 32 entries related to CVE-2022-24086. Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
FIRST-EPSS: 0.264450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-1147
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2020-1147. A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.904190000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-1147
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2020-1147. A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.904190000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2014-0160
DESCRIPTION: Exploit Observer has 660 entries related to CVE-2014-0160. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
FIRST-EPSS: 0.975310000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2014-0160
DESCRIPTION: Exploit Observer has 660 entries related to CVE-2014-0160. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
FIRST-EPSS: 0.975310000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8453
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2018-8453. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.946940000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-8453
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2018-8453. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.946940000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-21674
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-21674. Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000960000
NVD-IS: 6.0
NVD-ES: 2.0
CVE-2023-21674
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-21674. Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000960000
NVD-IS: 6.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2020-9934
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-9934. An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
FIRST-EPSS: 0.001160000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2020-9934
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-9934. An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
FIRST-EPSS: 0.001160000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-23397
DESCRIPTION: Exploit Observer has 156 entries related to CVE-2023-23397. Microsoft Outlook Elevation of Privilege Vulnerability
FIRST-EPSS: 0.889360000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-23397
DESCRIPTION: Exploit Observer has 156 entries related to CVE-2023-23397. Microsoft Outlook Elevation of Privilege Vulnerability
FIRST-EPSS: 0.889360000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-0263
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2017-0263. The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
FIRST-EPSS: 0.020730000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-0263
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2017-0263. The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
FIRST-EPSS: 0.020730000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-4262
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-4262. Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.002730000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-4262
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-4262. Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.002730000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2010-4344
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2010-4344. Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
FIRST-EPSS: 0.930690000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2010-4344
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2010-4344. Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
FIRST-EPSS: 0.930690000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2017-0147
DESCRIPTION: Exploit Observer has 46 entries related to CVE-2017-0147. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
FIRST-EPSS: 0.971120000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2017-0147
DESCRIPTION: Exploit Observer has 46 entries related to CVE-2017-0147. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
FIRST-EPSS: 0.971120000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2016-6366
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2016-6366. Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
FIRST-EPSS: 0.974500000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2016-6366
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2016-6366. Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
FIRST-EPSS: 0.974500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-37975
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-37975. Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.077650000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-37975
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-37975. Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.077650000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-23120
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23120. A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-23120
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23120. A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2136
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2136. Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.005290000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2023-2136
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2136. Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.005290000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-1297
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-1297. A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.041510000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-1297
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-1297. A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.041510000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-42287
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.928080000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-42287
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.928080000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-3010
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-3010. Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.003940000
NVD-IS: 6.0
NVD-ES: 2.0
CVE-2019-3010
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-3010. Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.003940000
NVD-IS: 6.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2022-22587
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22587. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-22587
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22587. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8589
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-8589. An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-8589
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-8589. An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-35211
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-35211. Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
FIRST-EPSS: 0.304500000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-35211
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-35211. Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
FIRST-EPSS: 0.304500000
NVD-IS: 6.0
NVD-ES: 3.9