#ExploitObserverAlert
CVE-2023-45152
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-45152. Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.
FIRST-EPSS: 0.000430000
NVD-IS: 1.4
NVD-ES: 0.8
#ExploitObserverAlert
CVE-2023-49285
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-49285. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.013880000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-23491
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-23491. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-22087
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22087. route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.
#ExploitObserverAlert
CVE-2015-0014
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2015-0014. Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."
FIRST-EPSS: 0.875790000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2021-22968
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-22968. A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0.
FIRST-EPSS: 0.009040000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2021-24284
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-24284. The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
FIRST-EPSS: 0.967600000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-45659
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-45659. Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gained access to the user's account, i.e., logged in and obtained a session, the attacker's session is not terminated if the user's account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000430000
NVD-IS: 1.4
NVD-ES: 1.3
#ExploitObserverAlert
CVE-2024-21907
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2024-21907. Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
#ExploitObserverAlert
CVE-2021-36765
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-36765. In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
FIRST-EPSS: 0.001500000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-2851
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2020-2851. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.000910000
NVD-IS: 6.0
NVD-ES: 1.1
#ExploitObserverAlert
CVE-2022-1310
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-1310. Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.002390000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-20594
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-20594. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.
FIRST-EPSS: 0.002510000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-17086
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-17086. Raw Image Extension Remote Code Execution Vulnerability
FIRST-EPSS: 0.100700000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-20597
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-20597. Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
FIRST-EPSS: 0.003190000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-1337
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-1337. Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
FIRST-EPSS: 0.002210000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2022-39299
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-39299. Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g., without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.
FIRST-EPSS: 0.007470000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2022-31459
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2022-31459. Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.
FIRST-EPSS: 0.000650000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-9710
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2019-9710. An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests.
FIRST-EPSS: 0.002240000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2024-0260
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0260. A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.
#ExploitObserverAlert
CVE-2021-3447
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-3447. A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
FIRST-EPSS: 0.000470000
NVD-IS: 3.6
NVD-ES: 1.8