#ExploitObserverAlert
CVE-2017-0147
DESCRIPTION: Exploit Observer has 46 entries related to CVE-2017-0147. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
FIRST-EPSS: 0.971120000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2017-0147
DESCRIPTION: Exploit Observer has 46 entries related to CVE-2017-0147. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
FIRST-EPSS: 0.971120000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-0913
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-0913. A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-0913
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-0913. A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2015-6806
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2015-6806. The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
FIRST-EPSS: 0.061200000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2015-6806
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2015-6806. The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.
FIRST-EPSS: 0.061200000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2022-48363
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-48363. In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-48363
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-48363. In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-0495
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2014-0495. Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.
FIRST-EPSS: 0.018700000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2014-0495
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2014-0495. Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.
FIRST-EPSS: 0.018700000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2018-1273
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2018-1273. Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
FIRST-EPSS: 0.974980000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-1273
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2018-1273. Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
FIRST-EPSS: 0.974980000
NVD-IS: 5.9
NVD-ES: 3.9
%23ExploitObserverAlert
CVE-2017-8291
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2017-8291. Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
FIRST-EPSS: 0.254590000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-8291
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2017-8291. Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
FIRST-EPSS: 0.254590000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-1010266
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-1010266. lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
FIRST-EPSS: 0.003170000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2019-1010266
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-1010266. lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
FIRST-EPSS: 0.003170000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-34733
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-34733. A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
CVE-2023-34733
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-34733. A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2022-22807
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-22807. A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
FIRST-EPSS: 0.000730000
NVD-IS: 4.0
NVD-ES: 2.8
CVE-2022-22807
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-22807. A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
FIRST-EPSS: 0.000730000
NVD-IS: 4.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-2092
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2092. A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2092
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2092. A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-42919
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2022-42919. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
FIRST-EPSS: 0.000440000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-42919
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2022-42919. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
FIRST-EPSS: 0.000440000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2774
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2774. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2774
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2774. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-23932
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-23932. OpenDDS is an open source C implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-23932
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-23932. OpenDDS is an open source C implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-2775
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2775. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-2775
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2775. A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability.
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-30399
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30399. Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2023-30399
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30399. Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
CVE-2023-2951
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2951. A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
FIRST-EPSS: 0.000670000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-26246
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-26246. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-26246
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-26246. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-38633
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-38633. A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-38633
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-38633. A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
FIRST-EPSS: 0.002740000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2095
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2095. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103.
FIRST-EPSS: 0.000780000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2095
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2095. A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103.
FIRST-EPSS: 0.000780000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24626
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-24626. socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
FIRST-EPSS: 0.000620000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2023-24626
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-24626. socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
FIRST-EPSS: 0.000620000
NVD-IS: 4.0
NVD-ES: 2.0