#ExploitObserverAlert
CVE-2023-26049
DESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2023-26049. Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote, even if a semicolon is encountered. So, a cookie header such as `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d`, instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
FIRST-EPSS: 0.001720000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-27838
DESCRIPTION: Exploit Observer has 6 entries in 5 file formats related to CVE-2020-27838. A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
FIRST-EPSS: 0.081350000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176784
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176784. YahooPOPs 1.6 Denial Of Service. YahooPOPs version 1.6 remote denial of service exploit.
#ExploitObserverAlert
CVE-2021-3632
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to CVE-2021-3632. A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
FIRST-EPSS: 0.001630000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
PSS-176781
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176781. Ubuntu Security Notice USN-6604-1. Ubuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
#ExploitObserverAlert
PSS-176793
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176793. Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function.
#ExploitObserverAlert
CVE-2021-3827
DESCRIPTION: Exploit Observer has 5 entries in 4 file formats related to CVE-2021-3827. A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
FIRST-EPSS: 0.001130000
NVD-IS: 5.2
NVD-ES: 1.6
#ExploitObserverAlert
PSS-176796
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176796. Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection. Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.
#ExploitObserverAlert
CVE-2022-34158
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-34158. A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
FIRST-EPSS: 0.003930000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-2764
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2022-2764. A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
FIRST-EPSS: 0.000610000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
PSS-176791
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to PSS-176791. CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command. CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
#ExploitObserverAlert
CVE-2021-22132
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-22132. Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2.
FIRST-EPSS: 0.000820000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2021-3690
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2021-3690. A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
FIRST-EPSS: 0.000810000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-3461
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2021-3461. A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
FIRST-EPSS: 0.000620000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-3424
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2021-3424. A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick an admin into granting him extra privileges.
FIRST-EPSS: 0.000720000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
PSS-176783
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176783. Ubuntu Security Notice USN-6606-1. Ubuntu Security Notice 6606-1 - It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.
#ExploitObserverAlert
CVE-2021-36162
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2021-36162. Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (e.g. Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers will use the SnakeYAML library to load the rules, which by default will enable calling arbitrary constructors. An attacker with access to the configuration center will be able to poison the rule so that, when retrieved by the consumers, it will get RCE on all of them. This was fixed in Dubbo 2.7.13, 3.0.2.
FIRST-EPSS: 0.001650000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-40369
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2021-40369. A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
FIRST-EPSS: 0.003050000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-42004
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-42004. IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.
FIRST-EPSS: 0.000700000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
PSS-176777
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-176777. Ubuntu Security Notice USN-6600-1. Ubuntu Security Notice 6600-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
#ExploitObserverAlert
CVE-2022-28731
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2022-28731. A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
FIRST-EPSS: 0.000630000
NVD-IS: 3.6
NVD-ES: 2.8