#ExploitObserverAlert
CVE-2023-21266
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-21266. In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-21266
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-21266. In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-21305
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-21305. Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 0.8
CVE-2024-21305
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-21305. Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 0.8
#ExploitObserverAlert
GHSA-vwv2-9wcj-64vx
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-VWV2-9WCJ-64VX. Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
GHSS: 6.5
GHSA-vwv2-9wcj-64vx
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-VWV2-9WCJ-64VX. Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
GHSS: 6.5
#ExploitObserverAlert
CVE-2023-41619
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-41619. Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.
FIRST-EPSS: 0.000430000
CVE-2023-41619
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-41619. Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-20963
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-20963. In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
FIRST-EPSS: 0.002240000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-20963
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2023-20963. In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
FIRST-EPSS: 0.002240000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-24023
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-24023. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 1.6
CVE-2023-24023
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2023-24023. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.
FIRST-EPSS: 0.000460000
NVD-IS: 5.2
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2023-22527
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-22527. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
FIRST-EPSS: 0.000440000
CVE-2023-22527
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-22527. A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
FIRST-EPSS: 0.000440000
#ExploitObserverAlert
CVE-2023-6395
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-6395. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
FIRST-EPSS: 0.000640000
CVE-2023-6395
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to CVE-2023-6395. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
FIRST-EPSS: 0.000640000
#ExploitObserverAlert
CVE-2023-43955
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-43955. The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
FIRST-EPSS: 0.002610000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-43955
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-43955. The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
FIRST-EPSS: 0.002610000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
MSF/exploit_linux/local/ansible_node_deployer
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to MSF/EXPLOIT_LINUX/LOCAL/ANSIBLE_NODE_DEPLOYER. This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).
MSF/exploit_linux/local/ansible_node_deployer
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to MSF/EXPLOIT_LINUX/LOCAL/ANSIBLE_NODE_DEPLOYER. This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected (default all).
#ExploitObserverAlert
GHSA-85rf-xh54-whp3
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-85RF-XH54-WHP3. A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version.
GHSA-85rf-xh54-whp3
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-85RF-XH54-WHP3. A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version.
#ExploitObserverAlert
CVE-2022-1223
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-1223. Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2022-1223
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2022-1223. Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-22409
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22409. DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
CVE-2024-22409
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22409. DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
#ExploitObserverAlert
ZDI-23-1836
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to ZDI-23-1836. Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44452.
ZDI-23-1836
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to ZDI-23-1836. Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44452.
#ExploitObserverAlert
CVE-2024-22920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22920. swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.
CVE-2024-22920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22920. swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.
#ExploitObserverAlert
CVE-2024-22914
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22914. A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.
CVE-2024-22914
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22914. A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.
#ExploitObserverAlert
GHSA-4m5p-5w5w-3jcf
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4M5P-5W5W-3JCF. All id-providers using lib-auth login method. lib-auth should invalidate old session after login and replicate session attributes in a new one, however this is not the behavior in affected versions.
GHSA-4m5p-5w5w-3jcf
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to GHSA-4M5P-5W5W-3JCF. All id-providers using lib-auth login method. lib-auth should invalidate old session after login and replicate session attributes in a new one, however this is not the behavior in affected versions.
#ExploitObserverAlert
CVE-2023-38596
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-38596. The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-38596
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2023-38596. The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.
FIRST-EPSS: 0.000540000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2024-22075
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2024-22075. Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2024-22075
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2024-22075. Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
FIRST-EPSS: 0.000460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-52251
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52251. An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
CVE-2023-52251
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52251. An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
#ExploitObserverAlert
CVE-2024-23644
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23644. Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.
CVE-2024-23644
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23644. Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.