#ExploitObserverAlert
CVE-2023-50943
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50943. Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
CVE-2023-50943
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-50943. Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
#ExploitObserverAlert
CVE-2023-46137
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-46137. Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-46137
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-46137. Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
FIRST-EPSS: 0.000460000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23985
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23985. EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
CVE-2024-23985
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23985. EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
#ExploitObserverAlert
CVE-2023-32571
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-32571
DESCRIPTION: Exploit Observer has 7 entries in 4 file formats related to CVE-2023-32571. Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
FIRST-EPSS: 0.001430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-4425-3v92-m6q6
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-4425-3v92-m6q6. Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.
GHSA-4425-3v92-m6q6
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-4425-3v92-m6q6. Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.
#ExploitObserverAlert
GHSA-gwr4-pj6r-2576
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to GHSA-gwr4-pj6r-2576. ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
GHSA-gwr4-pj6r-2576
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to GHSA-gwr4-pj6r-2576. ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
#ExploitObserverAlert
CVE-2022-25168
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-25168. Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
FIRST-EPSS: 0.004050000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-25168
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-25168. Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
FIRST-EPSS: 0.004050000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39198
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2022-39198. A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
FIRST-EPSS: 0.005760000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-39198
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2022-39198. A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
FIRST-EPSS: 0.005760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-20698
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2024-20698. Windows Kernel Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2024-20698
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2024-20698. Windows Kernel Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-22971
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-22971. In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
FIRST-EPSS: 0.006290000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2022-22971
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-22971. In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
FIRST-EPSS: 0.006290000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-fpqg-fv5v-vhpr
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-fpqg-fv5v-vhpr. An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
GHSA-fpqg-fv5v-vhpr
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-fpqg-fv5v-vhpr. An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
#ExploitObserverAlert
CVE-2022-41966
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-41966. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
FIRST-EPSS: 0.001590000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-41966
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-41966. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
FIRST-EPSS: 0.001590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4492
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-4492. The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-4492
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-4492. The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-25500
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-25500. Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-25500
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-25500. Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176792
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176792. Apple Security Advisory 01-22-2024-1. Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
PSS-176792
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176792. Apple Security Advisory 01-22-2024-1. Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
#ExploitObserverAlert
GHSA-hg94-7rm8-6vf7
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-hg94-7rm8-6vf7. Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
GHSA-hg94-7rm8-6vf7
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-hg94-7rm8-6vf7. Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
#ExploitObserverAlert
GHSA-rxj5-22xc-hccm
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-rxj5-22xc-hccm. A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.
GHSA-rxj5-22xc-hccm
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-rxj5-22xc-hccm. A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.
#ExploitObserverAlert
GHSA-ggw5-hfxp-7276
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-ggw5-hfxp-7276. Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
GHSA-ggw5-hfxp-7276
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-ggw5-hfxp-7276. Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
#ExploitObserverAlert
CVE-2022-46907
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-46907. A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
FIRST-EPSS: 0.001850000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2022-46907
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-46907. A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
FIRST-EPSS: 0.001850000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-2053
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-2053. When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
FIRST-EPSS: 0.000810000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-2053
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-2053. When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
FIRST-EPSS: 0.000810000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-x83f-9m8f-428q
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to GHSA-x83f-9m8f-428q. Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
GHSA-x83f-9m8f-428q
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to GHSA-x83f-9m8f-428q. Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)