#ExploitObserverAlert
CVE-2012-5076
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2012-5076. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
FIRST-EPSS: 0.971190000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2012-5076
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2012-5076. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
FIRST-EPSS: 0.971190000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2020-0069
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-0069. In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
FIRST-EPSS: 0.001110000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-0069
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-0069. In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
FIRST-EPSS: 0.001110000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-30983
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30983. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-30983
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30983. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-11539
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2019-11539. In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
FIRST-EPSS: 0.971880000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2019-11539
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2019-11539. In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
FIRST-EPSS: 0.971880000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2021-36741
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-36741. An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.
FIRST-EPSS: 0.015970000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-36741
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-36741. An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.
FIRST-EPSS: 0.015970000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-5689
DESCRIPTION: Exploit Observer has 82 entries related to CVE-2017-5689. An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
FIRST-EPSS: 0.974160000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-5689
DESCRIPTION: Exploit Observer has 82 entries related to CVE-2017-5689. An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
FIRST-EPSS: 0.974160000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-1069
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2019-1069. An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.004480000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-1069
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2019-1069. An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.004480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-9859
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-9859. A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.000700000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-9859
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-9859. A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
FIRST-EPSS: 0.000700000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-26858
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2021-26858. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.
FIRST-EPSS: 0.555370000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-26858
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2021-26858. Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.
FIRST-EPSS: 0.555370000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2013-3660
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2013-3660. The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
FIRST-EPSS: 0.000610000
NVD-IS: 10.0
NVD-ES: 3.4
CVE-2013-3660
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2013-3660. The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
FIRST-EPSS: 0.000610000
NVD-IS: 10.0
NVD-ES: 3.4
#ExploitObserverAlert
CVE-2017-12617
DESCRIPTION: Exploit Observer has 132 entries related to CVE-2017-12617. When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
FIRST-EPSS: 0.974700000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2017-12617
DESCRIPTION: Exploit Observer has 132 entries related to CVE-2017-12617. When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
FIRST-EPSS: 0.974700000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2021-38646
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-38646. Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
FIRST-EPSS: 0.012750000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-38646
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-38646. Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
FIRST-EPSS: 0.012750000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2016-4437
DESCRIPTION: Exploit Observer has 64 entries related to CVE-2016-4437. Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
FIRST-EPSS: 0.975070000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2016-4437
DESCRIPTION: Exploit Observer has 64 entries related to CVE-2016-4437. Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
FIRST-EPSS: 0.975070000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2019-13720
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2019-13720. Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.974200000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2019-13720
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2019-13720. Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.974200000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-21166
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-21166. Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.028370000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-21166
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-21166. Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.028370000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-11581
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2019-11581. There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
FIRST-EPSS: 0.973790000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-11581
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2019-11581. There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
FIRST-EPSS: 0.973790000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-7238
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2019-7238. Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
FIRST-EPSS: 0.974220000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-7238
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2019-7238. Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
FIRST-EPSS: 0.974220000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-21972
DESCRIPTION: Exploit Observer has 132 entries related to CVE-2021-21972. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
FIRST-EPSS: 0.974020000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-21972
DESCRIPTION: Exploit Observer has 132 entries related to CVE-2021-21972. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
FIRST-EPSS: 0.974020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-27518
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.028770000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-27518
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.028770000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8440
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-8440. An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.973250000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-8440
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-8440. An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
FIRST-EPSS: 0.973250000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2015-1635
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2015-1635. HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
FIRST-EPSS: 0.975590000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2015-1635
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2015-1635. HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
FIRST-EPSS: 0.975590000
NVD-IS: 10.0
NVD-ES: 10.0