#ExploitObserverAlert
CVE-2023-50093
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50093. APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
CVE-2023-50093
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-50093. APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
#ExploitObserverAlert
CVE-2023-5138
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-5138. Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
CVE-2023-5138
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-5138. Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
#ExploitObserverAlert
GHSA-cfph-4qqh-w828
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-CFPH-4QQH-W828. Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
GHSS: 6.9
GHSA-cfph-4qqh-w828
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-CFPH-4QQH-W828. Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
GHSS: 6.9
#ExploitObserverAlert
GHSA-264p-99wq-f4j6
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-264P-99WQ-F4J6. A potential denial-of-service issue exists in ion-java for applications that use ion-java to:
GHSS: 7.5
GHSA-264p-99wq-f4j6
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-264P-99WQ-F4J6. A potential denial-of-service issue exists in ion-java for applications that use ion-java to:
GHSS: 7.5
#ExploitObserverAlert
CVE-2023-6338
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6338. Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-6338
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-6338. Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-38676
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38676. Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38676
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-38676. Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-37607
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-37607. Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.
CVE-2023-37607
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-37607. Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.
#ExploitObserverAlert
CVE-2023-6498
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6498. The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2023-6498
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-6498. The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
#ExploitObserverAlert
CVE-2023-30617
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30617. Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.
CVE-2023-30617
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30617. Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.
#ExploitObserverAlert
CVE-2023-50090
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50090. Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
CVE-2023-50090
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-50090. Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
#ExploitObserverAlert
GHSA-f8mp-x433-5wpf
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-F8MP-X433-5WPF. The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.
GHSS: 9.3
GHSA-f8mp-x433-5wpf
DESCRIPTION: Exploit Observer has 5 entries related to GHSA-F8MP-X433-5WPF. The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.
GHSS: 9.3
#ExploitObserverAlert
PD/http/misconfiguration/cookies-without-httponly
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/misconfiguration/cookies-without-httponly. Checks whether cookies in the HTTP response contain the HttpOnly attribute. If the HttpOnly flag is set, it means that the cookie is HTTP-only
PD/http/misconfiguration/cookies-without-httponly
DESCRIPTION: Exploit Observer has 1 entries related to PD/http/misconfiguration/cookies-without-httponly. Checks whether cookies in the HTTP response contain the HttpOnly attribute. If the HttpOnly flag is set, it means that the cookie is HTTP-only
#ExploitObserverAlert
GHSA-r6r4-5pr8-gjcp
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-R6R4-5PR8-GJCP. Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs.
GHSS: 6.5
GHSA-r6r4-5pr8-gjcp
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-R6R4-5PR8-GJCP. Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-5881
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5881. Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
CVE-2023-5881
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5881. Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.
#ExploitObserverAlert
CVE-2023-52313
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52313. FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52313
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52313. FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
#ExploitObserverAlert
CVE-2023-45559
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45559. An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
CVE-2023-45559
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45559. An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
#ExploitObserverAlert
GHSA-27wg-99g8-2v4v
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-27WG-99G8-2V4V. In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack.
GHSS: 5.9
GHSA-27wg-99g8-2v4v
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-27WG-99G8-2V4V. In rust-evm, a feature called record_external_operation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack.
GHSS: 5.9
#ExploitObserverAlert
GHSA-5g66-628f-7cvj
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5G66-628F-7CVJ. The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier
GHSS: 8.6
GHSA-5g66-628f-7cvj
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-5G66-628F-7CVJ. The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier
GHSS: 8.6
#ExploitObserverAlert
CVE-2023-52311
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52311. PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52311
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52311. PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
#ExploitObserverAlert
CVE-2022-24442
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-24442. JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-24442
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-24442. JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-52308
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52308. FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52308
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-52308. FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.