#ExploitObserverAlert
PSS-177196
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177196. Red Hat Security Advisory 2024-0866-03. Red Hat Security Advisory 2024-0866-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and deserialization vulnerabilities.
PSS-177196
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177196. Red Hat Security Advisory 2024-0866-03. Red Hat Security Advisory 2024-0866-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and deserialization vulnerabilities.
#ExploitObserverAlert
PSS-177206
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177206. Red Hat Security Advisory 2024-0897-03. Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
PSS-177206
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177206. Red Hat Security Advisory 2024-0897-03. Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
#ExploitObserverAlert
CVE-2024-0715
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0715. Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
FIRST-EPSS: 0.000610000
CVE-2024-0715
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0715. Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
FIRST-EPSS: 0.000610000
#ExploitObserverAlert
CVE-2024-21896
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21896. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
FIRST-EPSS: 0.000430000
CVE-2024-21896
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21896. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PSS-177205
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177205. Red Hat Security Advisory 2024-0894-03. Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.
PSS-177205
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177205. Red Hat Security Advisory 2024-0894-03. Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.
#ExploitObserverAlert
TALOS-2023-1829
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2023-1829. Contact Cisco Talos Incident Response.
TALOS-2023-1829
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2023-1829. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
CVE-2022-45320
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45320. Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.
FIRST-EPSS: 0.000430000
CVE-2022-45320
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45320. Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-6764
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6764. A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
FIRST-EPSS: 0.000430000
CVE-2023-6764
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6764. A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
PD/javascript/misconfiguration/ssh/ssh-weak-public-key
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weak-public-key. SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
PD/javascript/misconfiguration/ssh/ssh-weak-public-key
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PD/javascript/misconfiguration/ssh/ssh-weak-public-key. SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
#ExploitObserverAlert
CVE-2024-21891
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21891. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
FIRST-EPSS: 0.000430000
CVE-2024-21891
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-21891. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-6399
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6399. A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 2.1
CVE-2023-6399
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6399. A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 2.1
#ExploitObserverAlert
PSS-177194
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177194. Red Hat Security Advisory 2024-0862-03. Red Hat Security Advisory 2024-0862-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
PSS-177194
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177194. Red Hat Security Advisory 2024-0862-03. Red Hat Security Advisory 2024-0862-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
#ExploitObserverAlert
CVE-2024-1510
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1510. The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000450000
CVE-2024-1510
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1510. The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
PSS-177199
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177199. Red Hat Security Advisory 2024-0880-03. Red Hat Security Advisory 2024-0880-03 - Red Hat OpenShift Serverless 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.
PSS-177199
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177199. Red Hat Security Advisory 2024-0880-03. Red Hat Security Advisory 2024-0880-03 - Red Hat OpenShift Serverless 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.
#ExploitObserverAlert
CVE-2024-1644
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1644. Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
FIRST-EPSS: 0.000500000
NVD-IS: 6.0
NVD-ES: 3.1
CVE-2024-1644
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1644. Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
FIRST-EPSS: 0.000500000
NVD-IS: 6.0
NVD-ES: 3.1
#ExploitObserverAlert
CVE-2023-6398
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6398. A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-6398
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-6398. A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
PSS-177202
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177202. Red Hat Security Advisory 2024-0888-03. Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.
PSS-177202
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177202. Red Hat Security Advisory 2024-0888-03. Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.
#ExploitObserverAlert
CVE-2024-25150
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25150. Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
CVE-2024-25150
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25150. Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
#ExploitObserverAlert
PSS-177203
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177203. Red Hat Security Advisory 2024-0889-03. Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
PSS-177203
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177203. Red Hat Security Advisory 2024-0889-03. Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.
#ExploitObserverAlert
PSS-177217
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177217. Ubuntu Security Notice USN-6644-1. Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
PSS-177217
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177217. Ubuntu Security Notice USN-6644-1. Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.
#ExploitObserverAlert
CVE-2024-25149
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
FIRST-EPSS: 0.000430000
CVE-2024-25149
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.
FIRST-EPSS: 0.000430000