#ExploitObserverAlert
CVE-2020-8694
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-8694. Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2020-8694
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-8694. Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-8339
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-8339. An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2019-8339
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-8339. An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-42321
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2021-42321. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.913120000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-42321
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2021-42321. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.913120000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1934
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2020-1934. In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
FIRST-EPSS: 0.001320000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2020-1934
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2020-1934. In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
FIRST-EPSS: 0.001320000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-2555
DESCRIPTION: Exploit Observer has 113 entries related to CVE-2020-2555. Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.965730000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-2555
DESCRIPTION: Exploit Observer has 113 entries related to CVE-2020-2555. Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.965730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-25262
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-25262. PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
FIRST-EPSS: 0.000990000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2020-25262
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-25262. PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
FIRST-EPSS: 0.000990000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-13080
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2017-13080. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
FIRST-EPSS: 0.003010000
NVD-IS: 3.6
NVD-ES: 1.6
CVE-2017-13080
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2017-13080. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
FIRST-EPSS: 0.003010000
NVD-IS: 3.6
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2023-41266
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41266. A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
FIRST-EPSS: 0.526000000
NVD-IS: 2.5
NVD-ES: 3.9
CVE-2023-41266
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41266. A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
FIRST-EPSS: 0.526000000
NVD-IS: 2.5
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-36074
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-36074. SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter.
FIRST-EPSS: 0.000600000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-36074
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-36074. SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter.
FIRST-EPSS: 0.000600000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-0144
DESCRIPTION: Exploit Observer has 125 entries related to CVE-2017-0144. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
FIRST-EPSS: 0.974460000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2017-0144
DESCRIPTION: Exploit Observer has 125 entries related to CVE-2017-0144. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
FIRST-EPSS: 0.974460000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2013-2251
DESCRIPTION: Exploit Observer has 71 entries related to CVE-2013-2251. Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
FIRST-EPSS: 0.974320000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2013-2251
DESCRIPTION: Exploit Observer has 71 entries related to CVE-2013-2251. Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
FIRST-EPSS: 0.974320000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2020-16040
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2020-16040. Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.261320000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-16040
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2020-16040. Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.261320000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-13084
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-13084. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
FIRST-EPSS: 0.001670000
NVD-IS: 5.2
NVD-ES: 1.6
CVE-2017-13084
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-13084. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
FIRST-EPSS: 0.001670000
NVD-IS: 5.2
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2019-6788
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-6788. An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.
FIRST-EPSS: 0.002180000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2019-6788
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-6788. An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.
FIRST-EPSS: 0.002180000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-36077
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-36077. SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file
FIRST-EPSS: 0.000710000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-36077
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-36077. SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file
FIRST-EPSS: 0.000710000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-25770
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-25770. In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
FIRST-EPSS: 0.008350000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-25770
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-25770. In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
FIRST-EPSS: 0.008350000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-43936
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-43936. The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
FIRST-EPSS: 0.016150000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-43936
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-43936. The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
FIRST-EPSS: 0.016150000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21716
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2023-21716. Microsoft Word Remote Code Execution Vulnerability
FIRST-EPSS: 0.534690000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-21716
DESCRIPTION: Exploit Observer has 45 entries related to CVE-2023-21716. Microsoft Word Remote Code Execution Vulnerability
FIRST-EPSS: 0.534690000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-17602
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-17602. An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
FIRST-EPSS: 0.227920000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-17602
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2019-17602. An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
FIRST-EPSS: 0.227920000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-9760
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-9760. FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
FIRST-EPSS: 0.113380000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-9760
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2019-9760. FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
FIRST-EPSS: 0.113380000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-10271
DESCRIPTION: Exploit Observer has 226 entries related to CVE-2017-10271. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
FIRST-EPSS: 0.974260000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2017-10271
DESCRIPTION: Exploit Observer has 226 entries related to CVE-2017-10271. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
FIRST-EPSS: 0.974260000
NVD-IS: 3.6
NVD-ES: 3.9