#ExploitObserverAlert
CVE-2024-25004
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25004. KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
FIRST-EPSS: 0.000430000
CVE-2024-25004
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25004. KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
ZDI-24-097
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-097. Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-42463.
ZDI-24-097
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-097. Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-42463.
#ExploitObserverAlert
CVE-2024-24806
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24806. libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000620000
CVE-2024-24806
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24806. libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000620000
#ExploitObserverAlert
PSS-177061
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177061. Red Hat Security Advisory 2024-0756-03. Red Hat Security Advisory 2024-0756-03 - An update for runc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
PSS-177061
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177061. Red Hat Security Advisory 2024-0756-03. Red Hat Security Advisory 2024-0756-03 - An update for runc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
#ExploitObserverAlert
CVE-2023-6935
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-6935. wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.
FIRST-EPSS: 0.000430000
CVE-2023-6935
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2023-6935. wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-25107
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25107. WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000450000
CVE-2024-25107
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-25107. WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
EDB-51787
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51787. Elasticsearch - StackOverflow DoS
EDB-51787
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51787. Elasticsearch - StackOverflow DoS
#ExploitObserverAlert
ZDI-24-119
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-119. X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21886.
ZDI-24-119
DESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to ZDI-24-119. X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21886.
#ExploitObserverAlert
PSS-177060
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177060. Red Hat Security Advisory 2024-0755-03. Red Hat Security Advisory 2024-0755-03 - An update for runc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
PSS-177060
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177060. Red Hat Security Advisory 2024-0755-03. Red Hat Security Advisory 2024-0755-03 - An update for runc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
#ExploitObserverAlert
CVE-2024-24815
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24815. CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.
FIRST-EPSS: 0.000480000
CVE-2024-24815
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-24815. CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.
FIRST-EPSS: 0.000480000
#ExploitObserverAlert
PSS-177058
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177058. Ubuntu Security Notice USN-6627-1. Ubuntu Security Notice 6627-1 - It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
PSS-177058
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177058. Ubuntu Security Notice USN-6627-1. Ubuntu Security Notice 6627-1 - It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
#ExploitObserverAlert
PSS-177072
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177072. Gentoo Linux Security Advisory 202402-11. Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.
PSS-177072
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177072. Gentoo Linux Security Advisory 202402-11. Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.
#ExploitObserverAlert
WLB-2024020035
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020035. Laravel Env file Access Open Directory.
WLB-2024020035
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020035. Laravel Env file Access Open Directory.
#ExploitObserverAlert
EDB-51791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51791. Online Nurse Hiring System 1.0 - Time-Based SQL Injection
EDB-51791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to EDB-51791. Online Nurse Hiring System 1.0 - Time-Based SQL Injection
#ExploitObserverAlert
PSS-177065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177065. Red Hat Security Advisory 2024-0759-03. Red Hat Security Advisory 2024-0759-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
PSS-177065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177065. Red Hat Security Advisory 2024-0759-03. Red Hat Security Advisory 2024-0759-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
#ExploitObserverAlert
ZDI-24-101
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-101. Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22513.
ZDI-24-101
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-101. Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-22513.
#ExploitObserverAlert
ZDI-24-111
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to ZDI-24-111. Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-22360.
ZDI-24-111
DESCRIPTION: Exploit Observer has 5 entries in 2 file formats related to ZDI-24-111. Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-22360.
#ExploitObserverAlert
PSS-177048
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177048. Red Hat Security Advisory 2024-0728-03. Red Hat Security Advisory 2024-0728-03 - Logging Subsystem 5.8.3 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.
PSS-177048
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177048. Red Hat Security Advisory 2024-0728-03. Red Hat Security Advisory 2024-0728-03 - Logging Subsystem 5.8.3 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.
#ExploitObserverAlert
ZDI-24-100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-100. Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-22532.
ZDI-24-100
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to ZDI-24-100. Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-22532.
#ExploitObserverAlert
ZDI-24-110
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to ZDI-24-110. Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-22361.
ZDI-24-110
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to ZDI-24-110. Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-22361.
#ExploitObserverAlert
PSS-177067
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177067. Red Hat Security Advisory 2024-0764-03. Red Hat Security Advisory 2024-0764-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
PSS-177067
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177067. Red Hat Security Advisory 2024-0764-03. Red Hat Security Advisory 2024-0764-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.