ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2024-23898

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-23898. Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
#ExploitObserverAlert

CVE-2023-43990

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43990. An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert

CVE-2023-43994

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43994. An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert

CVE-2023-43993

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2023-43993. An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
#ExploitObserverAlert

CVE-2024-0185

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0185. A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.

FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-47211

DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2023-47211. A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

FIRST-EPSS: 0.001640000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2024-0208

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2024-0208. GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file.

FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-0572

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-0572. Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.

FIRST-EPSS: 0.000530000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-28531

DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2023-28531. ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

GHSA-r2mg-qw96-w89q

DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to GHSA-r2mg-qw96-w89q. The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.
#ExploitObserverAlert

CVE-2023-1756

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1756. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2024-23649

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23649. Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied.
#ExploitObserverAlert

CVE-2024-0348

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0348. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.

FIRST-EPSS: 0.000510000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-6889

DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-6889. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2023-0790

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-0790. Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

FIRST-EPSS: 0.000560000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

PSS-176716

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176716. Ubuntu Security Notice USN-6598-1. Ubuntu Security Notice 6598-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
#ExploitObserverAlert

CVE-2024-22651

DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22651. There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
#ExploitObserverAlert

CVE-2023-36414

DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-36414. Azure Identity SDK Remote Code Execution Vulnerability

FIRST-EPSS: 0.001960000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-50943

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50943. Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
#ExploitObserverAlert

CVE-2023-46137

DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-46137. Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.

FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2024-23985

DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-23985. EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.