#ExploitObserverAlert
CVE-2023-46848
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46848. Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
FIRST-EPSS: 0.008820000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-46848
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46848. Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
FIRST-EPSS: 0.008820000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-40661
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40661. Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 0.5
CVE-2023-40661
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40661. Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 0.5
#ExploitObserverAlert
CVE-2023-40454
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40454. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.
FIRST-EPSS: 0.000710000
NVD-IS: 5.2
NVD-ES: 1.8
CVE-2023-40454
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-40454. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.
FIRST-EPSS: 0.000710000
NVD-IS: 5.2
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-4834
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4834. In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-4834
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4834. In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-31284
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-31284. illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-31284
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-31284. illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
GHSA-3vmm-7h4j-69rm
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-3VMM-7H4J-69RM. Given that there are at least two different sites in the same TYPO3 installation - for instance first.example.org and second.example.com - then a session cookie generated for the first site can be reused on the second site without requiring additional authentication.
GHSS: 4.2
GHSA-3vmm-7h4j-69rm
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-3VMM-7H4J-69RM. Given that there are at least two different sites in the same TYPO3 installation - for instance first.example.org and second.example.com - then a session cookie generated for the first site can be reused on the second site without requiring additional authentication.
GHSS: 4.2
#ExploitObserverAlert
GHSA-3p6j-m8j2-m6rc
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-3P6J-M8J2-M6RC. An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code.
GHSS: 9.8
GHSA-3p6j-m8j2-m6rc
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-3P6J-M8J2-M6RC. An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code.
GHSS: 9.8
#ExploitObserverAlert
GHSA-77pm-gxx7-5c5f
DESCRIPTION: Exploit Observer has 8 entries related to GHSA-77PM-GXX7-5C5F. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
GHSS: 7.0
GHSA-77pm-gxx7-5c5f
DESCRIPTION: Exploit Observer has 8 entries related to GHSA-77PM-GXX7-5C5F. A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
GHSS: 7.0
#ExploitObserverAlert
GHSA-2r3g-9rm8-7fv3
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-2R3G-9RM8-7FV3. The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
GHSA-2r3g-9rm8-7fv3
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-2R3G-9RM8-7FV3. The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
#ExploitObserverAlert
GHSA-4jq9-2xhw-jpx7
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4JQ9-2XHW-JPX7. A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \ to escape special characters, including \ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \ characters in the escaped string.
GHSA-4jq9-2xhw-jpx7
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4JQ9-2XHW-JPX7. A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \ to escape special characters, including \ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \ characters in the escaped string.
#ExploitObserverAlert
CVE-2023-4911
DESCRIPTION: Exploit Observer has 178 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-4911
DESCRIPTION: Exploit Observer has 178 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-45853
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-45853. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
FIRST-EPSS: 0.000980000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-45853
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-45853. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
FIRST-EPSS: 0.000980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4205
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4205. In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-4205
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4205. In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24488
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2023-24488. Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting
FIRST-EPSS: 0.014460000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-24488
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2023-24488. Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting
FIRST-EPSS: 0.014460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-36025
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-36025. Windows SmartScreen Security Feature Bypass Vulnerability
FIRST-EPSS: 0.007930000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-36025
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-36025. Windows SmartScreen Security Feature Bypass Vulnerability
FIRST-EPSS: 0.007930000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38646
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2023-38646. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
FIRST-EPSS: 0.604450000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-38646
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2023-38646. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
FIRST-EPSS: 0.604450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-33009
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
FIRST-EPSS: 0.028100000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-33009
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
FIRST-EPSS: 0.028100000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-47246
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-47246
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-27997
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2023-27997. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
FIRST-EPSS: 0.154070000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-27997
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2023-27997. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
FIRST-EPSS: 0.154070000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-35078
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2023-35078. Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
FIRST-EPSS: 0.964440000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-35078
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2023-35078. Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
FIRST-EPSS: 0.964440000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22516. This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121 should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program
FIRST-EPSS: 0.000530000
CVE-2023-22516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22516. This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121 should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program
FIRST-EPSS: 0.000530000