#ExploitObserverAlert
CVE-2021-42287
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.928080000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-42287
DESCRIPTION: Exploit Observer has 108 entries related to CVE-2021-42287. Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
FIRST-EPSS: 0.928080000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-3010
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-3010. Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.003940000
NVD-IS: 6.0
NVD-ES: 2.0
CVE-2019-3010
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-3010. Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.003940000
NVD-IS: 6.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2022-22587
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22587. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-22587
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-22587. A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
FIRST-EPSS: 0.002630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8589
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-8589. An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-8589
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-8589. An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
FIRST-EPSS: 0.001010000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-35211
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-35211. Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
FIRST-EPSS: 0.304500000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-35211
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2021-35211. Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
FIRST-EPSS: 0.304500000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-16509
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-16509. An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
FIRST-EPSS: 0.971690000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-16509
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-16509. An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
FIRST-EPSS: 0.971690000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2018-18619
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-18619. internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
FIRST-EPSS: 0.004310000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-18619
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2018-18619. internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
FIRST-EPSS: 0.004310000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-35587
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2021-35587. Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.956430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-35587
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2021-35587. Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.956430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-3351
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3351. Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
FIRST-EPSS: 0.135940000
NVD-IS: 1.4
NVD-ES: 1.6
CVE-2016-3351
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2016-3351. Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
FIRST-EPSS: 0.135940000
NVD-IS: 1.4
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2021-36934
DESCRIPTION: Exploit Observer has 105 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-36934
DESCRIPTION: Exploit Observer has 105 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-36844
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-36844. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.212160000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-36844
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-36844. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
FIRST-EPSS: 0.212160000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8298
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8298. A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
FIRST-EPSS: 0.541220000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8298
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8298. A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
FIRST-EPSS: 0.541220000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-24706
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-24706. In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
FIRST-EPSS: 0.973770000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-24706
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2022-24706. In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
FIRST-EPSS: 0.973770000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-8439
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-8439. Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK
CVE-2014-8439
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-8439. Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK
#ExploitObserverAlert
CVE-2018-7841
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2018-7841. A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
FIRST-EPSS: 0.020760000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-7841
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2018-7841. A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
FIRST-EPSS: 0.020760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-8196
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2020-8196. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.002010000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2020-8196
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2020-8196. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.002010000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-3035
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-3035. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
FIRST-EPSS: 0.589930000
NVD-IS: 6.9
NVD-ES: 10.0
CVE-2015-3035
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-3035. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
FIRST-EPSS: 0.589930000
NVD-IS: 6.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2016-0034
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-0034. Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
FIRST-EPSS: 0.788260000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2016-0034
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2016-0034. Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
FIRST-EPSS: 0.788260000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-10174
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-10174. The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-10174
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2016-10174. The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
FIRST-EPSS: 0.971900000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-1579
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-1579. Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
FIRST-EPSS: 0.746870000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2019-1579
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2019-1579. Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
FIRST-EPSS: 0.746870000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2015-1671
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2015-1671. The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
FIRST-EPSS: 0.237890000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2015-1671
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2015-1671. The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
FIRST-EPSS: 0.237890000
NVD-IS: 10.0
NVD-ES: 8.6