ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2019-17564

DESCRIPTION: Exploit Observer has 38 entries related to CVE-2019-17564. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.

FIRST-EPSS: 0.029430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2020-16850

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-16850. Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

FIRST-EPSS: 0.000770000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2017-5638

DESCRIPTION: Exploit Observer has 345 entries related to CVE-2017-5638. The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a
#ExploitObserverAlert

CVE-2015-2208

DESCRIPTION: Exploit Observer has 21 entries related to CVE-2015-2208. The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.

FIRST-EPSS: 0.968030000
NVD-IS: 6.4
NVD-ES: 10.0
#ExploitObserverAlert

CVE-2020-12873

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-12873. An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.

FIRST-EPSS: 0.000840000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2022-37434

DESCRIPTION: Exploit Observer has 54 entries related to CVE-2022-37434. zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

FIRST-EPSS: 0.004010000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2020-10234

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-10234. The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.

FIRST-EPSS: 0.001280000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2020-1967

DESCRIPTION: Exploit Observer has 57 entries related to CVE-2020-1967. Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

FIRST-EPSS: 0.099530000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2020-12122

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12122. In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)

FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2013-4316

DESCRIPTION: Exploit Observer has 10 entries related to CVE-2013-4316. Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

FIRST-EPSS: 0.008710000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert

CVE-2023-21768

DESCRIPTION: Exploit Observer has 30 entries related to CVE-2023-21768. Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

FIRST-EPSS: 0.016680000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2020-10214

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-10214. An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.

FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-46214

DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-46214. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

FIRST-EPSS: 0.144520000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2017-13082

DESCRIPTION: Exploit Observer has 33 entries related to CVE-2017-13082. Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

FIRST-EPSS: 0.001220000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2020-6537

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2020-6537. Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

FIRST-EPSS: 0.005210000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2020-25592

DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-25592. In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

FIRST-EPSS: 0.450680000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-36884

DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36884. The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers with information about the existence of jobs configured to use an attacker-specified Git repository.

FIRST-EPSS: 0.000750000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2017-15361

DESCRIPTION: Exploit Observer has 40 entries related to CVE-2017-15361. The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

FIRST-EPSS: 0.003580000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert

CVE-2023-25194

DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-25194. A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute Java deserialization gadget chains on the Kafka Connect server. An attacker can cause unrestricted deserialization of untrusted data, or RCE, when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. We advise Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions; remediation options are upgrading the connectors, upgrading that specific dependency, or removing the connectors. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.

FIRST-EPSS: 0.908370000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2020-1948

DESCRIPTION: Exploit Observer has 31 entries related to CVE-2020-1948. This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. An attacker can send RPC requests with an unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.

FIRST-EPSS: 0.004080000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-40982

DESCRIPTION: Exploit Observer has 25 entries related to CVE-2022-40982. Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

FIRST-EPSS: 0.001050000
NVD-IS: 4.0
NVD-ES: 2.0