#ExploitObserverAlert
CVE-2021-37975
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-37975. Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.077650000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-37975
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-37975. Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.077650000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-23120
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23120. A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-23120
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-23120. A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2136
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2136. Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.005290000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2023-2136
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2136. Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.005290000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-1297
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-1297. A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.041510000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-1297
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-1297. A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.041510000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-42287
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.928080000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-42287
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.928080000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-3010
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-3010. Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.003940000
NVD-IS: 6.0
NVD-ES: 2.0
CVE-2019-3010
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-3010. Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.003940000
NVD-IS: 6.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2022-22587
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22587. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-22587
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22587. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8589
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-8589. An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-8589
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-8589. An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-35211
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-35211. Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
FIRST-EPSS: 0.304500000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-35211
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-35211. Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
FIRST-EPSS: 0.304500000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-16509
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-16509. An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
FIRST-EPSS: 0.971690000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-16509
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-16509. An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
FIRST-EPSS: 0.971690000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-18619
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-18619. internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
FIRST-EPSS: 0.004310000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-18619
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-18619. internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
FIRST-EPSS: 0.004310000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-35587
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2021-35587. Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.956430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-35587
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2021-35587. Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.956430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-3351
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3351. Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
FIRST-EPSS: 0.135940000
NVD-IS: 1.4
NVD-ES: 1.6
CVE-2016-3351
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3351. Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
FIRST-EPSS: 0.135940000
NVD-IS: 1.4
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2021-36934
DESCRIPTION: Exploit Observer has 105 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-36934
DESCRIPTION: Exploit Observer has 105 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-36844
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-36844. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.212160000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-36844
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-36844. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.212160000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8298
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8298. A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
FIRST-EPSS: 0.541220000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8298
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8298. A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
FIRST-EPSS: 0.541220000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-24706
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-24706. In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
FIRST-EPSS: 0.973770000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-24706
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-24706. In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
FIRST-EPSS: 0.973770000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-8439
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-8439. Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK
CVE-2014-8439
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-8439. Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK
#ExploitObserverAlert
CVE-2018-7841
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2018-7841. A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
FIRST-EPSS: 0.020760000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-7841
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2018-7841. A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
FIRST-EPSS: 0.020760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-8196
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2020-8196. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.002010000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2020-8196
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2020-8196. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.002010000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-3035
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-3035. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
FIRST-EPSS: 0.589930000
NVD-IS: 6.9
NVD-ES: 10.0
CVE-2015-3035
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-3035. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
FIRST-EPSS: 0.589930000
NVD-IS: 6.9
NVD-ES: 10.0