#ExploitObserverAlert
GHSA-2r3g-9rm8-7fv3
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-2R3G-9RM8-7FV3. The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
GHSA-2r3g-9rm8-7fv3
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-2R3G-9RM8-7FV3. The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
#ExploitObserverAlert
GHSA-4jq9-2xhw-jpx7
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4JQ9-2XHW-JPX7. A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \ to escape special characters, including \ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \ characters in the escaped string.
GHSA-4jq9-2xhw-jpx7
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-4JQ9-2XHW-JPX7. A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \ to escape special characters, including \ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \ characters in the escaped string.
#ExploitObserverAlert
CVE-2023-4911
DESCRIPTION: Exploit Observer has 178 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-4911
DESCRIPTION: Exploit Observer has 178 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-45853
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-45853. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
FIRST-EPSS: 0.000980000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-45853
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-45853. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
FIRST-EPSS: 0.000980000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4205
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4205. In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2022-4205
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-4205. In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-24488
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2023-24488. Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting
FIRST-EPSS: 0.014460000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2023-24488
DESCRIPTION: Exploit Observer has 79 entries related to CVE-2023-24488. Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting
FIRST-EPSS: 0.014460000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-36025
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-36025. Windows SmartScreen Security Feature Bypass Vulnerability
FIRST-EPSS: 0.007930000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-36025
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-36025. Windows SmartScreen Security Feature Bypass Vulnerability
FIRST-EPSS: 0.007930000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-38646
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2023-38646. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
FIRST-EPSS: 0.604450000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-38646
DESCRIPTION: Exploit Observer has 76 entries related to CVE-2023-38646. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
FIRST-EPSS: 0.604450000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-33009
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
FIRST-EPSS: 0.028100000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-33009
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
FIRST-EPSS: 0.028100000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-47246
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-47246
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2023-47246. In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
FIRST-EPSS: 0.667970000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-27997
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2023-27997. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
FIRST-EPSS: 0.154070000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-27997
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2023-27997. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
FIRST-EPSS: 0.154070000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-35078
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2023-35078. Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
FIRST-EPSS: 0.964440000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-35078
DESCRIPTION: Exploit Observer has 34 entries related to CVE-2023-35078. Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
FIRST-EPSS: 0.964440000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22516. This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121 should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program
FIRST-EPSS: 0.000530000
CVE-2023-22516
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22516. This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7. JDK 1.8u121 should be used in case Java 8 used to run Bamboo Data Center and Server. See Bamboo 9.2 Upgrade notes (https://confluence.atlassian.com/bambooreleases/bamboo-9-2-upgrade-notes-1207179212.html) Bamboo Data Center and Server 9.3: Upgrade to a release greater than or equal to 9.3.4 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was discovered by a private user and reported via our Bug Bounty program
FIRST-EPSS: 0.000530000
#ExploitObserverAlert
GHSA-m4mp-v249-x3mh
DESCRIPTION: Exploit Observer has 85 entries related to GHSA-M4MP-V249-X3MH. When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.
GHSS: 5.9
GHSA-m4mp-v249-x3mh
DESCRIPTION: Exploit Observer has 85 entries related to GHSA-M4MP-V249-X3MH. When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.
GHSS: 5.9
#ExploitObserverAlert
CVE-2023-47359
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47359. Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-47359
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47359. Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22521
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22521. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6 Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1 See the release notes ([https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]). You can download the latest version of Crowd Data Center and Server from the download center ([https://www.atlassian.com/software/crowd/download-archive]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program
FIRST-EPSS: 0.000530000
CVE-2023-22521
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22521. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Crowd Data Center and Server 3.4: Upgrade to a release greater than or equal to 5.1.6 Crowd Data Center and Server 5.2: Upgrade to a release greater than or equal to 5.2.1 See the release notes ([https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]). You can download the latest version of Crowd Data Center and Server from the download center ([https://www.atlassian.com/software/crowd/download-archive]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program
FIRST-EPSS: 0.000530000
#ExploitObserverAlert
CVE-2023-39796
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39796. SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
FIRST-EPSS: 0.001370000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-39796
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-39796. SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
FIRST-EPSS: 0.001370000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-45573
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45573. Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G V2.D1 v.23.08.23D1, and DI-7400G V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
FIRST-EPSS: 0.002020000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-45573
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-45573. Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G V2.D1 v.23.08.23D1, and DI-7400G V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
FIRST-EPSS: 0.002020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-m6fg-m377-682m
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-M6FG-M377-682M. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server.
GHSS: 8.0
GHSA-m6fg-m377-682m
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-M6FG-M377-682M. This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server.
GHSS: 8.0
#ExploitObserverAlert
GHSA-5rc2-w7v5-6rgm
DESCRIPTION: Exploit Observer has 15 entries related to GHSA-5RC2-W7V5-6RGM. An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1.
GHSA-5rc2-w7v5-6rgm
DESCRIPTION: Exploit Observer has 15 entries related to GHSA-5RC2-W7V5-6RGM. An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1.
#ExploitObserverAlert
CVE-2023-46847
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46847. Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
FIRST-EPSS: 0.062290000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-46847
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46847. Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
FIRST-EPSS: 0.062290000
NVD-IS: 3.6
NVD-ES: 3.9