#ExploitObserverAlert
CVE-2023-36553
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-36553. An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-20042
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-20042. A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.
FIRST-EPSS: 0.000630000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-46848
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-46848. Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
FIRST-EPSS: 0.008820000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-40661
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-40661. Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 0.5
#ExploitObserverAlert
CVE-2023-40454
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-40454. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.
FIRST-EPSS: 0.000710000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-4834
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-4834. In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2, an improperly implemented access validation allows an authenticated, low-privileged attacker to gain read access to limited, non-critical device information in his account that he should not have access to.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-31284
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-31284. illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-3vmm-7h4j-69rm
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-3VMM-7H4J-69RM. Given that there are at least two different sites in the same TYPO3 installation - for instance first.example.org and second.example.com - then a session cookie generated for the first site can be reused on the second site without requiring additional authentication.
GHSS: 4.2
#ExploitObserverAlert
GHSA-3p6j-m8j2-m6rc
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-3P6J-M8J2-M6RC. An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code.
GHSS: 9.8
#ExploitObserverAlert
GHSA-77pm-gxx7-5c5f
DESCRIPTION: Exploit Observer has 8 entries related to GHSA-77PM-GXX7-5C5F. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
GHSS: 7.0
#ExploitObserverAlert
GHSA-2r3g-9rm8-7fv3
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-2R3G-9RM8-7FV3. The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged-in administrator.
#ExploitObserverAlert
GHSA-4jq9-2xhw-jpx7
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4JQ9-2XHW-JPX7. A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \ to escape special characters, including \ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \ characters in the escaped string.
#ExploitObserverAlert
CVE-2023-4911
DESCRIPTION: Exploit Observer has 178 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-45853
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-45853. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
FIRST-EPSS: 0.000980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4205
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4205. In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24488
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2023-24488. Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting.
FIRST-EPSS: 0.014460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-36025
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-36025. Windows SmartScreen Security Feature Bypass Vulnerability
FIRST-EPSS: 0.007930000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38646
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2023-38646. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
FIRST-EPSS: 0.604450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-33009
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on an affected device.
FIRST-EPSS: 0.028100000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-47246
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-27997
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2023-27997. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
FIRST-EPSS: 0.154070000
NVD-IS: 5.9
NVD-ES: 3.9