#ExploitObserverAlert
CVE-2023-1756
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-1756. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2024-23649
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23649. Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without an application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied.
#ExploitObserverAlert
CVE-2024-0348
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-0348. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.
FIRST-EPSS: 0.000510000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-6889
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-6889. Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
FIRST-EPSS: 0.000450000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-0790
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-0790. Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
FIRST-EPSS: 0.000560000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176716
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176716. Ubuntu Security Notice USN-6598-1. Ubuntu Security Notice 6598-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
#ExploitObserverAlert
CVE-2024-22651
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-22651. There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
#ExploitObserverAlert
CVE-2023-36414
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2023-36414. Azure Identity SDK Remote Code Execution Vulnerability
FIRST-EPSS: 0.001960000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-50943
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50943. Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
#ExploitObserverAlert
CVE-2023-46137
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-46137. Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23985
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to CVE-2024-23985. EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
#ExploitObserverAlert
CVE-2023-32571
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-4425-3v92-m6q6
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-4425-3v92-m6q6. Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause a network attack when the default admin ID/PW is in use.
#ExploitObserverAlert
GHSA-gwr4-pj6r-2576
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to GHSA-gwr4-pj6r-2576. ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
#ExploitObserverAlert
CVE-2022-25168
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-25168. Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
FIRST-EPSS: 0.004050000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39198
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2022-39198. A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
FIRST-EPSS: 0.005760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-20698
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2024-20698. Windows Kernel Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-22971
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-22971. In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
FIRST-EPSS: 0.006290000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-fpqg-fv5v-vhpr
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-fpqg-fv5v-vhpr. An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
#ExploitObserverAlert
CVE-2022-41966
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-41966. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers to these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
FIRST-EPSS: 0.001590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4492
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-4492. The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 3.9