#ExploitObserverAlert
CVE-2003-0358
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2003-0358. Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
FIRST-EPSS: 0.000420000
NVD-IS: 6.4
NVD-ES: 3.9
CVE-2003-0358
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2003-0358. Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
FIRST-EPSS: 0.000420000
NVD-IS: 6.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-24765
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-24765. InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.
FIRST-EPSS: 0.013530000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-24765
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-24765. InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.
FIRST-EPSS: 0.013530000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-7314
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2019-7314. liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
FIRST-EPSS: 0.024370000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-7314
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2019-7314. liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
FIRST-EPSS: 0.024370000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4504
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4504. Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
FIRST-EPSS: 0.001030000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2023-4504
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4504. Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
FIRST-EPSS: 0.001030000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2018-8373
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-8373. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
FIRST-EPSS: 0.965440000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2018-8373
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2018-8373. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
FIRST-EPSS: 0.965440000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2020-14645
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2020-14645. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.040850000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-14645
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2020-14645. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.040850000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-4001
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-4001. The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.
FIRST-EPSS: 0.001820000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-4001
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-4001. The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.
FIRST-EPSS: 0.001820000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-1002000
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2017-1002000. Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
FIRST-EPSS: 0.065800000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-1002000
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2017-1002000. Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
FIRST-EPSS: 0.065800000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-44877
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2022-44877. login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
FIRST-EPSS: 0.974350000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-44877
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2022-44877. login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
FIRST-EPSS: 0.974350000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3449
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2021-3449. An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
FIRST-EPSS: 0.003070000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2021-3449
DESCRIPTION: Exploit Observer has 57 entries related to CVE-2021-3449. An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
FIRST-EPSS: 0.003070000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2020-4000
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-4000. The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.
FIRST-EPSS: 0.001270000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-4000
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-4000. The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.
FIRST-EPSS: 0.001270000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2017-11882
DESCRIPTION: Exploit Observer has 246 entries related to CVE-2017-11882. Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
FIRST-EPSS: 0.974220000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2017-11882
DESCRIPTION: Exploit Observer has 246 entries related to CVE-2017-11882. Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
FIRST-EPSS: 0.974220000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-20338
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-20338. In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
FIRST-EPSS: 0.000420000
NVD-IS: 1.4
NVD-ES: 1.8
CVE-2022-20338
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-20338. In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
FIRST-EPSS: 0.000420000
NVD-IS: 1.4
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-1000405
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2017-1000405. The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
FIRST-EPSS: 0.001790000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2017-1000405
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2017-1000405. The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
FIRST-EPSS: 0.001790000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
CVE-2023-44270
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-44270. An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-44270
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-44270. An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
FIRST-EPSS: 0.000520000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-2769
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-2769. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
FIRST-EPSS: 0.001410000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2019-2769
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2019-2769. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
FIRST-EPSS: 0.001410000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-47102
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-47102. UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-47102
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-47102. UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-2432
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-2432. Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
FIRST-EPSS: 0.001350000
NVD-IS: 1.4
NVD-ES: 2.2
CVE-2021-2432
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2021-2432. Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
FIRST-EPSS: 0.001350000
NVD-IS: 1.4
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2017-3000
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2017-3000. Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2017-3000
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2017-3000. Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
FIRST-EPSS: 0.002190000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-2933
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-2933. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
FIRST-EPSS: 0.002390000
NVD-IS: 1.4
NVD-ES: 1.6
CVE-2019-2933
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2019-2933. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
FIRST-EPSS: 0.002390000
NVD-IS: 1.4
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2023-4357
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4357. Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.001100000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-4357
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4357. Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.001100000
NVD-IS: 5.9
NVD-ES: 2.8