#ExploitObserverAlert
GHSA-m2pj-mjhw-x9fm
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-M2PJ-MJHW-X9FM. An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
GHSS: 8.2
GHSA-m2pj-mjhw-x9fm
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-M2PJ-MJHW-X9FM. An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
GHSS: 8.2
#ExploitObserverAlert
CVE-2023-20273
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2023-20273. A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
FIRST-EPSS: 0.060170000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-20273
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2023-20273. A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
FIRST-EPSS: 0.060170000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2022-2294
DESCRIPTION: Exploit Observer has 27 entries in 3 file formats related to CVE-2022-2294. Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.006130000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2022-2294
DESCRIPTION: Exploit Observer has 27 entries in 3 file formats related to CVE-2022-2294. Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
FIRST-EPSS: 0.006130000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-6875
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-6875. The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
CVE-2023-6875
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-6875. The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
#ExploitObserverAlert
CVE-2024-21640
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21640. Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
CVE-2024-21640
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-21640. Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.
#ExploitObserverAlert
CVE-2021-30144
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2021-30144. The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
FIRST-EPSS: 0.000820000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2021-30144
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2021-30144. The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
FIRST-EPSS: 0.000820000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-875g-mfp6-g7f9
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-875G-MFP6-G7F9. An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmm_sys_util::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods.
GHSS: 5.7
GHSA-875g-mfp6-g7f9
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-875G-MFP6-G7F9. An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmm_sys_util::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods.
GHSS: 5.7
#ExploitObserverAlert
CVE-2020-27838
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2020-27838. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
FIRST-EPSS: 0.081350000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2020-27838
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2020-27838. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
FIRST-EPSS: 0.081350000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-14968
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14968. An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.
FIRST-EPSS: 0.012220000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-14968
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14968. An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.
FIRST-EPSS: 0.012220000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-8r25-68wm-jw35
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-8R25-68WM-JW35. Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings.
GHSS: 7.1
GHSA-8r25-68wm-jw35
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-8R25-68WM-JW35. Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings.
GHSS: 7.1
#ExploitObserverAlert
CVE-2021-3754
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2021-3754. A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
FIRST-EPSS: 0.000780000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2021-3754
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2021-3754. A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
FIRST-EPSS: 0.000780000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-w97f-6vh7-h454
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-W97F-6VH7-H454. A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
GHSS: 7.5
GHSA-w97f-6vh7-h454
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-W97F-6VH7-H454. A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
GHSS: 7.5
#ExploitObserverAlert
CVE-2024-22207
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22207. fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
FIRST-EPSS: 0.000430000
CVE-2024-22207
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22207. fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2020-14966
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14966. An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.
FIRST-EPSS: 0.006770000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-14966
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14966. An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.
FIRST-EPSS: 0.006770000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-22190
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22190. GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2024-22190
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22190. GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.
FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-43449
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43449. An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.
FIRST-EPSS: 0.000420000
CVE-2023-43449
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-43449. An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.
FIRST-EPSS: 0.000420000
#ExploitObserverAlert
CVE-2023-2252
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-2252. The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.
CVE-2023-2252
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-2252. The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.
#ExploitObserverAlert
CVE-2020-8913
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-8913. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.
FIRST-EPSS: 0.001500000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2020-8913
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-8913. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.
FIRST-EPSS: 0.001500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-32078
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2021-32078. An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
FIRST-EPSS: 0.000810000
NVD-IS: 5.2
NVD-ES: 1.8
CVE-2021-32078
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2021-32078. An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
FIRST-EPSS: 0.000810000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-43786
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-43786. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-43786
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-43786. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-6129
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-6129. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
FIRST-EPSS: 0.000450000
CVE-2023-6129
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-6129. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
FIRST-EPSS: 0.000450000