#ExploitObserverAlert
CVE-2020-9964
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-9964. A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2020-9964
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-9964. A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-3628
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-3628. A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-3628
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-3628. A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
#ExploitObserverAlert
CVE-2023-5115
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5115.
CVE-2023-5115
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5115.
#ExploitObserverAlert
GHSA-p8vh-85vc-66x9
DESCRIPTION: Exploit Observer has 8 entries related to GHSA-P8VH-85VC-66X9.
GHSS: 4.3
GHSA-p8vh-85vc-66x9
DESCRIPTION: Exploit Observer has 8 entries related to GHSA-P8VH-85VC-66X9.
GHSS: 4.3
#ExploitObserverAlert
CVE-2018-5767
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-5767. An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
FIRST-EPSS: 0.070380000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-5767
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-5767. An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
FIRST-EPSS: 0.070380000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-vmc2-j3gf-mvpp
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-VMC2-J3GF-MVPP. In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
GHSS: 5.5
GHSA-vmc2-j3gf-mvpp
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-VMC2-J3GF-MVPP. In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
GHSS: 5.5
#ExploitObserverAlert
CVE-2022-25813
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-25813. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
FIRST-EPSS: 0.004820000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-25813
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-25813. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
FIRST-EPSS: 0.004820000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-12124
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12124. A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
FIRST-EPSS: 0.002690000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-12124
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-12124. A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
FIRST-EPSS: 0.002690000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3693
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3693. LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
FIRST-EPSS: 0.018710000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2021-3693
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-3693. LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
FIRST-EPSS: 0.018710000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-5236
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5236. A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
CVE-2023-5236
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5236. A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
#ExploitObserverAlert
CVE-2023-5808
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5808. SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-5808
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5808. SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-49070
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-49070. Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10
FIRST-EPSS: 0.501170000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-49070
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-49070. Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10
FIRST-EPSS: 0.501170000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6289
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6289.
CVE-2023-6289
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6289.
#ExploitObserverAlert
GHSA-pcgm-9vcp-6328
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-PCGM-9VCP-6328.
GHSS: 7.8
GHSA-pcgm-9vcp-6328
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-PCGM-9VCP-6328.
GHSS: 7.8
#ExploitObserverAlert
GHSA-rcjw-44p8-ppj6
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-RCJW-44P8-PPJ6.
GHSS: 9.0
GHSA-rcjw-44p8-ppj6
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-RCJW-44P8-PPJ6.
GHSS: 9.0
#ExploitObserverAlert
CVE-2022-29063
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-29063. The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
FIRST-EPSS: 0.015670000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-29063
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-29063. The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
FIRST-EPSS: 0.015670000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-50917
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50917. MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
FIRST-EPSS: 0.000420000
CVE-2023-50917
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50917. MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.
FIRST-EPSS: 0.000420000
#ExploitObserverAlert
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-47119
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-47119. Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
FIRST-EPSS: 0.000520000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-45967
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-45967. An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
FIRST-EPSS: 0.740390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-1337. The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-41763
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41763. Skype for Business Elevation of Privilege Vulnerability
FIRST-EPSS: 0.007470000
NVD-IS: 1.4
NVD-ES: 3.9