ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2020-14968

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14968. An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.

FIRST-EPSS: 0.012220000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

GHSA-8r25-68wm-jw35

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-8R25-68WM-JW35. Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings.

GHSS: 7.1
#ExploitObserverAlert

CVE-2021-3754

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2021-3754. A flaw was found in keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. This may cause trouble in receiving the password recovery email if the user forgets the password.

FIRST-EPSS: 0.000780000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert

GHSA-w97f-6vh7-h454

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-W97F-6VH7-H454. A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

GHSS: 7.5
#ExploitObserverAlert

CVE-2024-22207

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22207. fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2020-14966

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14966. An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

FIRST-EPSS: 0.006770000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2024-22190

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22190. GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features is used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.

FIRST-EPSS: 0.000450000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-43449

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43449. An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.

FIRST-EPSS: 0.000420000
#ExploitObserverAlert

CVE-2023-2252

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-2252. The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.
#ExploitObserverAlert

CVE-2020-8913

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-8913. A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later.

FIRST-EPSS: 0.001500000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2021-32078

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2021-32078. An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.

FIRST-EPSS: 0.000810000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-43786

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-43786. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-6129

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-6129. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2023-40166

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-40166. Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-26609

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-26609. ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

FIRST-EPSS: 0.003580000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert

CVE-2023-1326

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-1326. A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2020-14967

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14967. An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.

FIRST-EPSS: 0.012220000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

PD/http/cves/2023/CVE-2023-50290

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to PD/HTTP/CVES/2023/CVE-2023-50290. Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-process.
#ExploitObserverAlert

CVE-2022-41853

DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-41853. Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

FIRST-EPSS: 0.007580000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-0656

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-0656. A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

FIRST-EPSS: 0.001150000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2020-3119

DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2020-3119. A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 2.8