#ExploitObserverAlert
CVE-2022-42916
DESCRIPTION: Exploit Observer has 22 entries in 2 file formats related to CVE-2022-42916. In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
FIRST-EPSS: 0.001100000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-42916
DESCRIPTION: Exploit Observer has 22 entries in 2 file formats related to CVE-2022-42916. In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
FIRST-EPSS: 0.001100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-37538
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37538. Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
FIRST-EPSS: 0.028190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-37538
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37538. Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
FIRST-EPSS: 0.028190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-35338
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-35338. The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."
FIRST-EPSS: 0.256160000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-35338
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-35338. The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."
FIRST-EPSS: 0.256160000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-51804
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51804. An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
CVE-2023-51804
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51804. An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
#ExploitObserverAlert
CVE-2023-51070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51070. An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
CVE-2023-51070
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-51070. An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.
#ExploitObserverAlert
CVE-2023-7024
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-7024. Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.003610000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-7024
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-7024. Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.003610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-28407
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2020-28407. In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
FIRST-EPSS: 0.000420000
NVD-IS: 5.2
NVD-ES: 1.8
CVE-2020-28407
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2020-28407. In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
FIRST-EPSS: 0.000420000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-2944
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2020-2944. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.001010000
NVD-IS: 6.0
NVD-ES: 2.0
CVE-2020-2944
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2020-2944. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
FIRST-EPSS: 0.001010000
NVD-IS: 6.0
NVD-ES: 2.0
#ExploitObserverAlert
CVE-2021-22922
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2021-22922. When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
FIRST-EPSS: 0.001780000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2021-22922
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to CVE-2021-22922. When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
FIRST-EPSS: 0.001780000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-21667
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21667. pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.
CVE-2024-21667
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21667. pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.
#ExploitObserverAlert
GHSA-4553-hq82-8654
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4553-HQ82-8654. This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.
GHSS: 7.5
GHSA-4553-hq82-8654
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4553-HQ82-8654. This advisory has been withdrawn because it is a duplicate of GHSA-3px7-jm2p-6h2c. This link is maintained to preserve external references.
GHSS: 7.5
#ExploitObserverAlert
CVE-2021-41072
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FIRST-EPSS: 0.002930000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2021-41072
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2021-41072. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
FIRST-EPSS: 0.002930000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-27518
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.042960000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-27518
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2022-27518. Unauthenticated remote arbitrary code execution
FIRST-EPSS: 0.042960000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-8fwg-w59v-g942
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to GHSA-8FWG-W59V-G942. This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
GHSS: 5.5
GHSA-8fwg-w59v-g942
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to GHSA-8FWG-W59V-G942. This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
GHSS: 5.5
#ExploitObserverAlert
CVE-2022-41922
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-41922. `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
FIRST-EPSS: 0.003850000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-41922
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-41922. `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
FIRST-EPSS: 0.003850000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-45866
DESCRIPTION: Exploit Observer has 23 entries in 2 file formats related to CVE-2023-45866. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
FIRST-EPSS: 0.000640000
NVD-IS: 3.4
NVD-ES: 2.8
CVE-2023-45866
DESCRIPTION: Exploit Observer has 23 entries in 2 file formats related to CVE-2023-45866. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
FIRST-EPSS: 0.000640000
NVD-IS: 3.4
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-h5c8-rqwp-cp95
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-H5C8-RQWP-CP95. The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the xmlattr filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
GHSS: 5.4
GHSA-h5c8-rqwp-cp95
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-H5C8-RQWP-CP95. The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the xmlattr filter, and an application doing so should already be verifying what keys are provided regardless of this fix.
GHSS: 5.4
#ExploitObserverAlert
CVE-2023-6063
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-6063. The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
FIRST-EPSS: 0.033290000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-6063
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2023-6063. The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
FIRST-EPSS: 0.033290000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-1397
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-1397. API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-1397
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-1397. API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-22209
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22209. Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
CVE-2024-22209
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22209. Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
#ExploitObserverAlert
CVE-2023-38507
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-38507
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9