ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2023-43786

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-43786. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

FIRST-EPSS: 0.000420000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-6129

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-6129. Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2023-40166

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-40166. Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

FIRST-EPSS: 0.000520000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-26609

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-26609. ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

FIRST-EPSS: 0.003580000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert

CVE-2023-1326

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to CVE-2023-1326. A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2020-14967

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-14967. An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.

FIRST-EPSS: 0.012220000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

PD/http/cves/2023/CVE-2023-50290

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to PD/HTTP/CVES/2023/CVE-2023-50290. Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-process.
#ExploitObserverAlert

CVE-2022-41853

DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2022-41853. Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

FIRST-EPSS: 0.007580000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-0656

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-0656. A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

FIRST-EPSS: 0.001150000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2020-3119

DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2020-3119. A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

FIRST-EPSS: 0.001210000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2022-30334

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-30334. Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."

FIRST-EPSS: 0.001130000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-3775

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2022-3775. When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height is constrained within bitmap size. As a consequence an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

FIRST-EPSS: 0.000420000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2023-6538

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-6538. SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

FIRST-EPSS: 0.000490000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert

GHSA-62jr-84gf-wmg4

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-62JR-84GF-WMG4. The default configuration of fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module.

GHSS: 5.3
#ExploitObserverAlert

CVE-2023-33461

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-33461. iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint, which is missing a NULL check on the return value of iniparser_getstring.

FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2024-22362

DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-22362. Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

GHSA-8rfx-6mr3-5jh3

DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to GHSA-8RFX-6MR3-5JH3. This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references.
#ExploitObserverAlert

PD/http/cves/2020/CVE-2020-27838

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to PD/HTTP/CVES/2020/CVE-2020-27838. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
#ExploitObserverAlert

CVE-2023-46303

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-46303. link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-33242

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-33242. Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.

FIRST-EPSS: 0.000970000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2024-21320

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-21320. Windows Themes Spoofing Vulnerability

FIRST-EPSS: 0.000910000
NVD-IS: 3.6
NVD-ES: 2.8