#ExploitObserverAlert
CVE-2021-3611
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-3611. A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
FIRST-EPSS: 0.000420000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2021-3611
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-3611. A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
FIRST-EPSS: 0.000420000
NVD-IS: 4.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2023-0461
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2023-0461. There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.
There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.
When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.
The setsockopt TCP_ULP operation does not require any privilege.
We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-0461
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2023-0461. There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.
There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.
When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.
The setsockopt TCP_ULP operation does not require any privilege.
We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-22213
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-22213. A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari
FIRST-EPSS: 0.001710000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2021-22213
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-22213. A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari
FIRST-EPSS: 0.001710000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-4966
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-4966
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-23635
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-23635. Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.
FIRST-EPSS: 0.001210000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-23635
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-23635. Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.
FIRST-EPSS: 0.001210000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-3768
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-3768. The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
FIRST-EPSS: 0.015930000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-3768
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-3768. The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
FIRST-EPSS: 0.015930000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-1721
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-1721. .NET Core and Visual Studio Denial of Service Vulnerability
FIRST-EPSS: 0.001680000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2021-1721
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-1721. .NET Core and Visual Studio Denial of Service Vulnerability
FIRST-EPSS: 0.001680000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1067
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-1067. A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.012660000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-1067
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-1067. A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
FIRST-EPSS: 0.012660000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-22515
DESCRIPTION: Exploit Observer has 209 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-22515
DESCRIPTION: Exploit Observer has 209 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-13954
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-13954. By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
FIRST-EPSS: 0.165290000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2020-13954
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-13954. By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.
FIRST-EPSS: 0.165290000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-12446
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12446. The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
FIRST-EPSS: 0.000440000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-12446
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12446. The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
FIRST-EPSS: 0.000440000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-1472
DESCRIPTION: Exploit Observer has 406 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.974540000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2020-1472
DESCRIPTION: Exploit Observer has 406 entries related to CVE-2020-1472. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
FIRST-EPSS: 0.974540000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-27191
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2022-27191. The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
FIRST-EPSS: 0.002530000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-27191
DESCRIPTION: Exploit Observer has 24 entries related to CVE-2022-27191. The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
FIRST-EPSS: 0.002530000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36760
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-36760. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
FIRST-EPSS: 0.013020000
NVD-IS: 6.0
NVD-ES: 2.2
CVE-2022-36760
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-36760. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
FIRST-EPSS: 0.013020000
NVD-IS: 6.0
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2012-4360
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2012-4360. Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
FIRST-EPSS: 0.002000000
NVD-IS: 2.9
NVD-ES: 8.6
CVE-2012-4360
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2012-4360. Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
FIRST-EPSS: 0.002000000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2022-22978
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2022-22978. In spring security versions prior to 5.4.11 , 5.5.7 , 5.6.4 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
FIRST-EPSS: 0.011580000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-22978
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2022-22978. In spring security versions prior to 5.4.11 , 5.5.7 , 5.6.4 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
FIRST-EPSS: 0.011580000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-37436
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-37436. Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2022-37436
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-37436. Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
FIRST-EPSS: 0.000440000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2012-3526
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2012-3526. The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
FIRST-EPSS: 0.037610000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2012-3526
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2012-3526. The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
FIRST-EPSS: 0.037610000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-38817
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38817. An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-38817
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38817. An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2008-5161
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2008-5161. Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
FIRST-EPSS: 0.010490000
NVD-IS: 2.9
NVD-ES: 4.9
CVE-2008-5161
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2008-5161. Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
FIRST-EPSS: 0.010490000
NVD-IS: 2.9
NVD-ES: 4.9
#ExploitObserverAlert
CVE-2023-43794
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-43794. Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. Depending on the result, the HTTP response will be returned after a given number of seconds, indicating TRUE, or immediately, indicating FALSE. In that way, an attacker can reveal the data present in the database. This vulnerability has been addressed in version 0.111.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-141`.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 1.2
CVE-2023-43794
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-43794. Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. Depending on the result, the HTTP response will be returned after a given number of seconds, indicating TRUE, or immediately, indicating FALSE. In that way, an attacker can reveal the data present in the database. This vulnerability has been addressed in version 0.111.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-141`.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 1.2