#ExploitObserverAlert
CVE-2021-22134
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-22134. A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view.
FIRST-EPSS: 0.000590000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176788
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176788. Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function.
#ExploitObserverAlert
CVE-2023-26048
DESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to CVE-2023-26048. Jetty is a Java-based web server and servlet engine. In affected versions, servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default setting of `fileSizeThreshold=0`, which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service, although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize`, which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).
FIRST-EPSS: 0.001310000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3859
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2021-3859. A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
FIRST-EPSS: 0.003750000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-26612
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2022-26612. In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. On Unix this would be caught by the same targetDirPath check because of the getCanonicalPath call. On Windows, however, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3.
FIRST-EPSS: 0.015140000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PSS-176785
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176785. Ubuntu Security Notice USN-6607-1. Ubuntu Security Notice 6607-1 - It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
CVE-2021-36161
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2021-36161. Some components in Dubbo will try to print the formatted string of the input arguments, which could cause RCE for a maliciously customized bean with a special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13.
FIRST-EPSS: 0.030010000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-2047
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2022-2047. In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
FIRST-EPSS: 0.000600000
NVD-IS: 1.4
NVD-ES: 1.2
#ExploitObserverAlert
PSS-176778
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176778. Ubuntu Security Notice USN-6601-1. Ubuntu Security Notice 6601-1 - It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
WLB-2024010077
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010077. Atlassian Confluence SSTI Injection.
#ExploitObserverAlert
PSS-176789
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176789. Atlassian Confluence SSTI Injection. This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.
#ExploitObserverAlert
GHSA-rwf9-8fqr-p44m
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to GHSA-rwf9-8fqr-p44m. Qualys Jenkins Plugin for Policy Compliance versions up to and including 1.0.5 were identified to be affected by a security flaw: a permission check was missing while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to use the plugin to configure a potential rogue endpoint, through which it was possible to control the response for certain requests. That response could be injected with XSS payloads, leading to XSS while processing the response data.
#ExploitObserverAlert
CVE-2021-22060
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-22060. In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
FIRST-EPSS: 0.000540000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-29265
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-29265. Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, and ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services.
FIRST-EPSS: 0.001270000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-7021
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to CVE-2020-7021. Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
FIRST-EPSS: 0.000650000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
PSS-176798
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176798. Apple Security Advisory 01-22-2024-3. Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.
#ExploitObserverAlert
CVE-2022-28732
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-28732. A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
FIRST-EPSS: 0.003650000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-24947
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2022-24947. Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-46364
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
FIRST-EPSS: 0.028500000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
PSS-176780
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-176780. Ubuntu Security Notice USN-6603-1. Ubuntu Security Notice 6603-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
WLB-2024010080
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024010080. YahooPOPs 1.6 - SMTP - Denial of Service (DoS).