#ExploitObserverAlert
CVE-2017-6740
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-6740. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.
FIRST-EPSS: 0.007960000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-9822
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2017-9822. DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
FIRST-EPSS: 0.960980000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2014-4404
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2014-4404. Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
FIRST-EPSS: 0.005100000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-3560
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2021-3560. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
FIRST-EPSS: 0.011770000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-17621
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2019-17621. The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
FIRST-EPSS: 0.971330000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-19949
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2018-19949. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions: QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
FIRST-EPSS: 0.006720000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-5631
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5631. Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
FIRST-EPSS: 0.009860000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2002-0367
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2002-0367. smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
FIRST-EPSS: 0.000920000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-33766
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2021-33766. Microsoft Exchange Information Disclosure Vulnerability
FIRST-EPSS: 0.930380000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-42793
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2023-42793. In JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible.
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-0752
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2019-0752. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
FIRST-EPSS: 0.954960000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2017-0149
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2017-0149. Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.
FIRST-EPSS: 0.128150000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2022-22536
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2022-22536. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
FIRST-EPSS: 0.957010000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2016-4171
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2016-4171. Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
FIRST-EPSS: 0.156030000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2013-2423
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2013-2423. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
FIRST-EPSS: 0.974920000
NVD-IS: 2.9
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2019-1215
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-1215. An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-8195
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2020-8195. Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
FIRST-EPSS: 0.869420000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-18988
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2019-18988. TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protected information stored in the registry or configuration files of TeamViewer. With versions before v9.x, this allowed attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to log in to the system.
FIRST-EPSS: 0.002520000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2023-38606
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38606. This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
FIRST-EPSS: 0.002420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-40450
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-40450. Win32k Elevation of Privilege Vulnerability
FIRST-EPSS: 0.005580000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-11317
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2017-11317. Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
FIRST-EPSS: 0.108060000
NVD-IS: 5.9
NVD-ES: 3.9