#ExploitObserverAlert
GHSA-4425-3v92-m6q6
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-4425-3v92-m6q6. Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause a network attack when the default admin ID/PW is in use.
#ExploitObserverAlert
GHSA-gwr4-pj6r-2576
DESCRIPTION: Exploit Observer has 7 entries in 5 file formats related to GHSA-gwr4-pj6r-2576. ** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
#ExploitObserverAlert
CVE-2022-25168
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-25168. Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
FIRST-EPSS: 0.004050000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-39198
DESCRIPTION: Exploit Observer has 4 entries in 4 file formats related to CVE-2022-39198. A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
FIRST-EPSS: 0.005760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-20698
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2024-20698. Windows Kernel Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-22971
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-22971. In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
FIRST-EPSS: 0.006290000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-fpqg-fv5v-vhpr
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-fpqg-fv5v-vhpr. An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
#ExploitObserverAlert
CVE-2022-41966
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-41966. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers to these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
FIRST-EPSS: 0.001590000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4492
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-4492. The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
FIRST-EPSS: 0.000570000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-25500
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2023-25500. Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176792
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176792. Apple Security Advisory 01-22-2024-1. Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
#ExploitObserverAlert
GHSA-hg94-7rm8-6vf7
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-hg94-7rm8-6vf7. Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
#ExploitObserverAlert
GHSA-rxj5-22xc-hccm
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-rxj5-22xc-hccm. A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.
#ExploitObserverAlert
GHSA-ggw5-hfxp-7276
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-ggw5-hfxp-7276. Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
#ExploitObserverAlert
CVE-2022-46907
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2022-46907. A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
FIRST-EPSS: 0.001850000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-2053
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-2053. When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker (application server) as being in an error state and not forwarding requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has a "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
FIRST-EPSS: 0.000810000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-x83f-9m8f-428q
DESCRIPTION: Exploit Observer has 6 entries in 2 file formats related to GHSA-x83f-9m8f-428q. Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
#ExploitObserverAlert
PSS-176774
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176774. Red Hat Security Advisory 2024-0500-03. Red Hat Security Advisory 2024-0500-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
#ExploitObserverAlert
CVE-2021-37404
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2021-37404. There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
FIRST-EPSS: 0.001730000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-7020
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2020-7020. Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
FIRST-EPSS: 0.000680000
NVD-IS: 1.4
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2021-22134
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-22134. A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view.
FIRST-EPSS: 0.000590000
NVD-IS: 1.4
NVD-ES: 2.8