#ExploitObserverAlert
CVE-2019-0211
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2019-0211. In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
FIRST-EPSS: 0.974190000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2019-0211
DESCRIPTION: Exploit Observer has 81 entries related to CVE-2019-0211. In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
FIRST-EPSS: 0.974190000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-5849
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2020-5849. Unraid 6.8.0 allows authentication bypass.
FIRST-EPSS: 0.972030000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-5849
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2020-5849. Unraid 6.8.0 allows authentication bypass.
FIRST-EPSS: 0.972030000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-5753
DESCRIPTION: Exploit Observer has 166 entries related to CVE-2017-5753. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
FIRST-EPSS: 0.975510000
NVD-IS: 4.0
NVD-ES: 1.1
CVE-2017-5753
DESCRIPTION: Exploit Observer has 166 entries related to CVE-2017-5753. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
FIRST-EPSS: 0.975510000
NVD-IS: 4.0
NVD-ES: 1.1
#ExploitObserverAlert
CVE-2020-25803
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-25803. Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
FIRST-EPSS: 0.001040000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2020-25803
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-25803. Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
FIRST-EPSS: 0.001040000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2020-13487
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2020-13487. The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
FIRST-EPSS: 0.002670000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2020-13487
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2020-13487. The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
FIRST-EPSS: 0.002670000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2020-1921
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-1921. In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
FIRST-EPSS: 0.001100000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-1921
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-1921. In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
FIRST-EPSS: 0.001100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-13088
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2017-13088. Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
FIRST-EPSS: 0.001360000
NVD-IS: 3.6
NVD-ES: 1.6
CVE-2017-13088
DESCRIPTION: Exploit Observer has 29 entries related to CVE-2017-13088. Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
FIRST-EPSS: 0.001360000
NVD-IS: 3.6
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2020-35272
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-35272. Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2020-35272
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-35272. Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2017-1000250
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2017-1000250. All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
FIRST-EPSS: 0.003450000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2017-1000250
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2017-1000250. All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
FIRST-EPSS: 0.003450000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-32629
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-32629. Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-32629
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-32629. Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-0783
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2017-0783. A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
FIRST-EPSS: 0.000920000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2017-0783
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2017-0783. A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
FIRST-EPSS: 0.000920000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-2636
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2018-2636. Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.673840000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2018-2636
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2018-2636. Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.673840000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2020-8203
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2020-8203. Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
FIRST-EPSS: 0.010360000
NVD-IS: 5.2
NVD-ES: 2.2
CVE-2020-8203
DESCRIPTION: Exploit Observer has 21 entries related to CVE-2020-8203. Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
FIRST-EPSS: 0.010360000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2022-30965
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-30965. Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
FIRST-EPSS: 0.000770000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2022-30965
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-30965. Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
FIRST-EPSS: 0.000770000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2021-44228
DESCRIPTION: Exploit Observer has 1853 entries related to CVE-2021-44228. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
FIRST-EPSS: 0.974540000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2021-44228
DESCRIPTION: Exploit Observer has 1853 entries related to CVE-2021-44228. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
FIRST-EPSS: 0.974540000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-5715
DESCRIPTION: Exploit Observer has 195 entries related to CVE-2017-5715. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
FIRST-EPSS: 0.975150000
NVD-IS: 4.0
NVD-ES: 1.1
CVE-2017-5715
DESCRIPTION: Exploit Observer has 195 entries related to CVE-2017-5715. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
FIRST-EPSS: 0.975150000
NVD-IS: 4.0
NVD-ES: 1.1
#ExploitObserverAlert
CVE-2011-4327
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2011-4327. ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
FIRST-EPSS: 0.000420000
NVD-IS: 2.9
NVD-ES: 3.9
CVE-2011-4327
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2011-4327. ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
FIRST-EPSS: 0.000420000
NVD-IS: 2.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2012-0394
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2012-0394. The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
FIRST-EPSS: 0.945150000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2012-0394
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2012-0394. The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
FIRST-EPSS: 0.945150000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2017-0146
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2017-0146. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
FIRST-EPSS: 0.971460000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2017-0146
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2017-0146. The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
FIRST-EPSS: 0.971460000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-31048
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-31048.
FIRST-EPSS: 0.000450000
CVE-2023-31048
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-31048.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2020-13238
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-13238. Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
FIRST-EPSS: 0.002600000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-13238
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-13238. Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
FIRST-EPSS: 0.002600000
NVD-IS: 3.6
NVD-ES: 3.9