#ExploitObserverAlert
CVE-2023-46214
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-46214. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
FIRST-EPSS: 0.144520000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-46214
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-46214. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
FIRST-EPSS: 0.144520000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-13082
DESCRIPTION: Exploit Observer has 33 entries related to CVE-2017-13082. Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
FIRST-EPSS: 0.001220000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2017-13082
DESCRIPTION: Exploit Observer has 33 entries related to CVE-2017-13082. Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
FIRST-EPSS: 0.001220000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-6537
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2020-6537. Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
FIRST-EPSS: 0.005210000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-6537
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2020-6537. Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
FIRST-EPSS: 0.005210000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-25592
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-25592. In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
FIRST-EPSS: 0.450680000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-25592
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-25592. In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
FIRST-EPSS: 0.450680000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-36884
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36884. The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
FIRST-EPSS: 0.000750000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2022-36884
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-36884. The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
FIRST-EPSS: 0.000750000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-15361
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2017-15361. The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
FIRST-EPSS: 0.003580000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2017-15361
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2017-15361. The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
FIRST-EPSS: 0.003580000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-25194
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-25194. A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
FIRST-EPSS: 0.908370000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-25194
DESCRIPTION: Exploit Observer has 20 entries related to CVE-2023-25194. A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
FIRST-EPSS: 0.908370000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1948
DESCRIPTION: Exploit Observer has 31 entries related to CVE-2020-1948. This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
FIRST-EPSS: 0.004080000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-1948
DESCRIPTION: Exploit Observer has 31 entries related to CVE-2020-1948. This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More details can be found below.
FIRST-EPSS: 0.004080000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-40982
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2022-40982. Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
FIRST-EPSS: 0.001050000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2022-40982
DESCRIPTION: Exploit Observer has 25 entries related to CVE-2022-40982. Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
FIRST-EPSS: 0.001050000
NVD-IS: 4.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2023-23752
DESCRIPTION: Exploit Observer has 94 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.695490000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-23752
DESCRIPTION: Exploit Observer has 94 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.695490000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-7187
DESCRIPTION: Exploit Observer has 146 entries related to CVE-2014-7187. Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
FIRST-EPSS: 0.973790000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2014-7187
DESCRIPTION: Exploit Observer has 146 entries related to CVE-2014-7187. Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
FIRST-EPSS: 0.973790000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2018-25031
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-25031. Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
FIRST-EPSS: 0.002650000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2018-25031
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2018-25031. Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
FIRST-EPSS: 0.002650000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-5902
DESCRIPTION: Exploit Observer has 277 entries related to CVE-2020-5902. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
FIRST-EPSS: 0.975550000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-5902
DESCRIPTION: Exploit Observer has 277 entries related to CVE-2020-5902. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
FIRST-EPSS: 0.975550000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-4034
DESCRIPTION: Exploit Observer has 535 entries related to CVE-2021-4034. A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-4034
DESCRIPTION: Exploit Observer has 535 entries related to CVE-2021-4034. A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
FIRST-EPSS: 0.000460000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-16846
DESCRIPTION: Exploit Observer has 47 entries related to CVE-2020-16846. An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
FIRST-EPSS: 0.975160000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-16846
DESCRIPTION: Exploit Observer has 47 entries related to CVE-2020-16846. An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
FIRST-EPSS: 0.975160000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-38784
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2022-38784. Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
FIRST-EPSS: 0.001060000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-38784
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2022-38784. Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
FIRST-EPSS: 0.001060000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-20038
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2021-20038. A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
FIRST-EPSS: 0.956350000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-20038
DESCRIPTION: Exploit Observer has 19 entries related to CVE-2021-20038. A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
FIRST-EPSS: 0.956350000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-10215
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-10215. An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
FIRST-EPSS: 0.003270000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-10215
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-10215. An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
FIRST-EPSS: 0.003270000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-48303
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-48303. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2022-48303
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2022-48303. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-9493
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-9493. A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
FIRST-EPSS: 0.010600000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-9493
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2020-9493. A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
FIRST-EPSS: 0.010600000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-13086
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2017-13086. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
FIRST-EPSS: 0.001660000
NVD-IS: 5.2
NVD-ES: 1.6
CVE-2017-13086
DESCRIPTION: Exploit Observer has 26 entries related to CVE-2017-13086. Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
FIRST-EPSS: 0.001660000
NVD-IS: 5.2
NVD-ES: 1.6