#ExploitObserverAlert
CVE-1999-0508
DESCRIPTION: Exploit Observer has 2 entries related to CVE-1999-0508. An account on a router, firewall, or other network device has a default, null, blank, or missing password.
FIRST-EPSS: 0.007170000
NVD-IS: 6.4
NVD-ES: 3.9
CVE-1999-0508
DESCRIPTION: Exploit Observer has 2 entries related to CVE-1999-0508. An account on a router, firewall, or other network device has a default, null, blank, or missing password.
FIRST-EPSS: 0.007170000
NVD-IS: 6.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-39539
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39539.
CVE-2023-39539
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39539.
#ExploitObserverAlert
CVE-2017-8529
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8529. Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2017-8529
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-8529. Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-1999-0516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-1999-0516. An SNMP community name is guessable.
FIRST-EPSS: 0.015000000
NVD-IS: 6.4
NVD-ES: 10.0
CVE-1999-0516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-1999-0516. An SNMP community name is guessable.
FIRST-EPSS: 0.015000000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-0492
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2022-0492. A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-0492
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2022-0492. A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26136
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26136. Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
FIRST-EPSS: 0.001730000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26136
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26136. Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
FIRST-EPSS: 0.001730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-phhr-cqm7-gjv6
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-PHHR-CQM7-GJV6.
GHSS: 8.8
GHSA-phhr-cqm7-gjv6
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-PHHR-CQM7-GJV6.
GHSS: 8.8
#ExploitObserverAlert
CVE-2022-1026
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-1026. Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
FIRST-EPSS: 0.010110000
NVD-IS: 4.0
NVD-ES: 3.9
CVE-2022-1026
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-1026. Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
FIRST-EPSS: 0.010110000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-w4pv-p6xf-qc53
DESCRIPTION: Exploit Observer has 119 entries related to GHSA-W4PV-P6XF-QC53.
GHSS: 9.8
GHSA-w4pv-p6xf-qc53
DESCRIPTION: Exploit Observer has 119 entries related to GHSA-W4PV-P6XF-QC53.
GHSS: 9.8
#ExploitObserverAlert
CVE-2017-1000028
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-1000028. Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
FIRST-EPSS: 0.975160000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2017-1000028
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-1000028. Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
FIRST-EPSS: 0.975160000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28432
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2023-28432. Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
FIRST-EPSS: 0.156100000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-28432
DESCRIPTION: Exploit Observer has 42 entries related to CVE-2023-28432. Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
FIRST-EPSS: 0.156100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-28017
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28017.
CVE-2023-28017
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28017.
#ExploitObserverAlert
CVE-2023-24078
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-24078. Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
FIRST-EPSS: 0.003400000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-24078
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-24078. Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
FIRST-EPSS: 0.003400000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-rqpg-32gg-fvxh
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RQPG-32GG-FVXH.
GHSS: 7.3
GHSA-rqpg-32gg-fvxh
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-RQPG-32GG-FVXH.
GHSS: 7.3
#ExploitObserverAlert
CVE-2022-45362
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-45362.
CVE-2022-45362
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-45362.
#ExploitObserverAlert
CVE-2010-0738
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2010-0738. The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
FIRST-EPSS: 0.974330000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2010-0738
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2010-0738. The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
FIRST-EPSS: 0.974330000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-26133
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2022-26133. SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
FIRST-EPSS: 0.009980000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-26133
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2022-26133. SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
FIRST-EPSS: 0.009980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-41678
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler
CVE-2022-41678
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-41678. Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler
#ExploitObserverAlert
CVE-2019-12409
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2019-12409. The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
FIRST-EPSS: 0.055400000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-12409
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2019-12409. The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
FIRST-EPSS: 0.055400000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-11358
DESCRIPTION: Exploit Observer has 3667 entries related to CVE-2019-11358. jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
FIRST-EPSS: 0.029520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2019-11358
DESCRIPTION: Exploit Observer has 3667 entries related to CVE-2019-11358. jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
FIRST-EPSS: 0.029520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2014-6271
DESCRIPTION: Exploit Observer has 751 entries related to CVE-2014-6271. GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
FIRST-EPSS: 0.975680000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2014-6271
DESCRIPTION: Exploit Observer has 751 entries related to CVE-2014-6271. GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
FIRST-EPSS: 0.975680000
NVD-IS: 5.9
NVD-ES: 3.9