#ExploitObserverAlert
CVE-2023-43787
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-43787. A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-43787
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-43787. A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-22088
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22088. Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
CVE-2024-22088
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2024-22088. Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
#ExploitObserverAlert
CVE-2021-36356
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-36356. KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
FIRST-EPSS: 0.930090000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-36356
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2021-36356. KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
FIRST-EPSS: 0.930090000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-23934
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-23934. Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.1
CVE-2023-23934
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-23934. Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2022-2493
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-2493. Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
FIRST-EPSS: 0.002200000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2022-2493
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-2493. Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
FIRST-EPSS: 0.002200000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-5838
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5838. Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-5838
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5838. Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2017-5878
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-5878. The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
FIRST-EPSS: 0.008450000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-5878
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2017-5878. The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
FIRST-EPSS: 0.008450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-45857
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-45857. An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
FIRST-EPSS: 0.000550000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-45857
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-45857. An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
FIRST-EPSS: 0.000550000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-16045
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-16045. Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
FIRST-EPSS: 0.001610000
NVD-IS: 6.0
NVD-ES: 2.8
CVE-2020-16045
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-16045. Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
FIRST-EPSS: 0.001610000
NVD-IS: 6.0
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-25577
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-25577. Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
FIRST-EPSS: 0.000590000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-25577
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-25577. Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
FIRST-EPSS: 0.000590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-0267
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0267. A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823.
CVE-2024-0267
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2024-0267. A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823.
#ExploitObserverAlert
CVE-2021-24443
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-24443. The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.
FIRST-EPSS: 0.000580000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2021-24443
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-24443. The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.
FIRST-EPSS: 0.000580000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-45573
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-45573. Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
FIRST-EPSS: 0.002020000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-45573
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-45573. Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
FIRST-EPSS: 0.002020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-8097
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8097. io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.
FIRST-EPSS: 0.009270000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2018-8097
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-8097. io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.
FIRST-EPSS: 0.009270000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-43786
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-43786. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-43786
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-43786. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-6884
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2017-6884. A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
FIRST-EPSS: 0.973780000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2017-6884
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2017-6884. A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
FIRST-EPSS: 0.973780000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-7208
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-7208. A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7208
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-7208. A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
#ExploitObserverAlert
CVE-2021-44026
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2021-44026. Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
FIRST-EPSS: 0.008420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-44026
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2021-44026. Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
FIRST-EPSS: 0.008420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22265
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-22265. An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
FIRST-EPSS: 0.000690000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-22265
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-22265. An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
FIRST-EPSS: 0.000690000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-3138
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-3138. A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
FIRST-EPSS: 0.000470000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-3138
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-3138. A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
FIRST-EPSS: 0.000470000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-43785
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-43785. A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-43785
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-43785. A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8