#ExploitObserverAlert
PSS-177204
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177204. Red Hat Security Advisory 2024-0893-03. Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
PSS-177204
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177204. Red Hat Security Advisory 2024-0893-03. Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.
#ExploitObserverAlert
PSS-177215
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177215. Ubuntu Security Notice USN-6625-3. Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
PSS-177215
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177215. Ubuntu Security Notice USN-6625-3. Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.
#ExploitObserverAlert
PSS-177209
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177209. Tourism Management System 2.0 Shell Upload. Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.
PSS-177209
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177209. Tourism Management System 2.0 Shell Upload. Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.
#ExploitObserverAlert
CVE-2024-25604
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25604. Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.
CVE-2024-25604
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25604. Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.
#ExploitObserverAlert
PSS-177210
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177210. Petrol Pump Management Software 1.0 Shell Upload. Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.
PSS-177210
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177210. Petrol Pump Management Software 1.0 Shell Upload. Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.
#ExploitObserverAlert
PSS-177200
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177200. Red Hat Security Advisory 2024-0881-03. Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
PSS-177200
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177200. Red Hat Security Advisory 2024-0881-03. Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
#ExploitObserverAlert
PSS-177213
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177213. Ubuntu Security Notice USN-6642-1. Ubuntu Security Notice 6642-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
PSS-177213
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177213. Ubuntu Security Notice USN-6642-1. Ubuntu Security Notice 6642-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
#ExploitObserverAlert
CVE-2024-1608
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1608. In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.
CVE-2024-1608
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1608. In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.
#ExploitObserverAlert
PSS-177198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177198. Red Hat Security Advisory 2024-0879-03. Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.
PSS-177198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177198. Red Hat Security Advisory 2024-0879-03. Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.
#ExploitObserverAlert
CVE-2024-21890
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21890. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
FIRST-EPSS: 0.000430000
CVE-2024-21890
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21890. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2022-48625
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-48625. Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.
FIRST-EPSS: 0.000430000
CVE-2022-48625
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-48625. Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PSS-177214
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177214. Kafka UI 0.7.1 Command Injection. A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.
PSS-177214
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177214. Kafka UI 0.7.1 Command Injection. A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.
#ExploitObserverAlert
CVE-2024-25973
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25973. The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.
CVE-2024-25973
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25973. The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.
#ExploitObserverAlert
CVE-2024-1651
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1651. Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
FIRST-EPSS: 0.000710000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2024-1651
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1651. Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
FIRST-EPSS: 0.000710000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-22019
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-22019. A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
FIRST-EPSS: 0.000430000
CVE-2024-22019
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-22019. A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PSS-177212
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177212. Savsoft Quiz 6.0 Enterprise Cross Site Scripting. Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.
PSS-177212
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177212. Savsoft Quiz 6.0 Enterprise Cross Site Scripting. Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
PSS-177201
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177201. Red Hat Security Advisory 2024-0887-03. Red Hat Security Advisory 2024-0887-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
PSS-177201
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177201. Red Hat Security Advisory 2024-0887-03. Red Hat Security Advisory 2024-0887-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
#ExploitObserverAlert
TALOS-2024-1931
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1931. Contact Cisco Talos Incident Response.
TALOS-2024-1931
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1931. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
TALOS-2023-1828
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2023-1828. Contact Cisco Talos Incident Response.
TALOS-2023-1828
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2023-1828. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
PD/javascript/misconfiguration/smb/smb-signing-not-required
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/smb/smb-signing-not-required. Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
PD/javascript/misconfiguration/smb/smb-signing-not-required
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/smb/smb-signing-not-required. Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
#ExploitObserverAlert
CVE-2024-1297
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1297. Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
FIRST-EPSS: 0.000660000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2024-1297
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1297. Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
FIRST-EPSS: 0.000660000
NVD-IS: 6.0
NVD-ES: 3.9