#ExploitObserverAlert
CVE-2022-1180
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1180. Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
FIRST-EPSS: 0.002900000
NVD-IS: 2.5
NVD-ES: 0.9
CVE-2022-1180
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-1180. Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
FIRST-EPSS: 0.002900000
NVD-IS: 2.5
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2024-21633
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2024-21633. Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.
CVE-2024-21633
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2024-21633. Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.
#ExploitObserverAlert
CVE-2021-25770
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-25770. In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
FIRST-EPSS: 0.008350000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-25770
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-25770. In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
FIRST-EPSS: 0.008350000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-20598
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20598. Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
FIRST-EPSS: 0.001600000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2021-20598
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20598. Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password.
FIRST-EPSS: 0.001600000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46927
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-46927. GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-46927
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-46927. GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-0261
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2024-0261. A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.
CVE-2024-0261
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2024-0261. A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-4069
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-4069. Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.002220000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-4069
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-4069. Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.002220000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-0266
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0266. A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.
CVE-2024-0266
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0266. A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.
#ExploitObserverAlert
CVE-2023-41179
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-41179. A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
FIRST-EPSS: 0.008230000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-41179
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-41179. A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
FIRST-EPSS: 0.008230000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2022-1941
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2022-1941. A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
FIRST-EPSS: 0.001400000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-1941
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2022-1941. A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
FIRST-EPSS: 0.001400000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-25745
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-25745. A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
FIRST-EPSS: 0.001200000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2021-25745
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-25745. A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
FIRST-EPSS: 0.001200000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-39910
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-39910. The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.
FIRST-EPSS: 0.001160000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-39910
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-39910. The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.
FIRST-EPSS: 0.001160000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51441
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-51441. ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.
CVE-2023-51441
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-51441. ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.
#ExploitObserverAlert
CVE-2024-22086
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22086. handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.
CVE-2024-22086
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22086. handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.
#ExploitObserverAlert
CVE-2023-51448
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.
FIRST-EPSS: 0.000710000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-51448
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-51448. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.
FIRST-EPSS: 0.000710000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-11365
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-11365. An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
FIRST-EPSS: 0.326570000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-11365
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-11365. An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
FIRST-EPSS: 0.326570000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-27877
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-27877. An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
FIRST-EPSS: 0.675550000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-27877
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-27877. An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
FIRST-EPSS: 0.675550000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39838
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-39838. Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.
FIRST-EPSS: 0.003470000
NVD-IS: 4.0
NVD-ES: 3.9
CVE-2022-39838
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-39838. Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.
FIRST-EPSS: 0.003470000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-25642
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-25642. ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
FIRST-EPSS: 0.000950000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-25642
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-25642. ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
FIRST-EPSS: 0.000950000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-15368
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-15368. AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2020-15368
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-15368. AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-40648
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-40648. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.
FIRST-EPSS: 0.000660000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-40648
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-40648. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.
FIRST-EPSS: 0.000660000
NVD-IS: 5.9
NVD-ES: 1.8