#ExploitObserverAlert
GHSA-3qpq-6w89-f7mx
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3qpq-6w89-f7mx. Pimcore Host Header Injection in user invitation link
GHSA-3qpq-6w89-f7mx
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-3qpq-6w89-f7mx. Pimcore Host Header Injection in user invitation link
#ExploitObserverAlert
GHSA-4265-ccf5-phj5
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-4265-ccf5-phj5. Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
GHSA-4265-ccf5-phj5
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-4265-ccf5-phj5. Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
#ExploitObserverAlert
TALOS-2024-1919
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1919. Contact Cisco Talos Incident Response.
TALOS-2024-1919
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1919. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
CVE-2024-22250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22250. Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.
CVE-2024-22250
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22250. Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system.
#ExploitObserverAlert
GHSA-vfph-hjfv-cpv2
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vfph-hjfv-cpv2. Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
GHSA-vfph-hjfv-cpv2
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vfph-hjfv-cpv2. Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
#ExploitObserverAlert
GHSA-xfg6-62px-cxc2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-xfg6-62px-cxc2. SQL injection in pgjdbc
GHSA-xfg6-62px-cxc2
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-xfg6-62px-cxc2. SQL injection in pgjdbc
#ExploitObserverAlert
GHSA-cp8m-h777-g4p3
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-cp8m-h777-g4p3. Improper Access Control in moodle
GHSA-cp8m-h777-g4p3
DESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to GHSA-cp8m-h777-g4p3. Improper Access Control in moodle
#ExploitObserverAlert
CVE-2024-25198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25198. Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
CVE-2024-25198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25198. Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
#ExploitObserverAlert
WLB-2024020065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020065. Ticico - Blind SQL Injection.
WLB-2024020065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020065. Ticico - Blind SQL Injection.
#ExploitObserverAlert
CVE-2023-6936
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6936. In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
CVE-2023-6936
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6936. In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
#ExploitObserverAlert
GHSA-f3qm-vfc3-jg6v
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qm-vfc3-jg6v. Possible CSRF attack at questionnaire templates preview
GHSA-f3qm-vfc3-jg6v
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qm-vfc3-jg6v. Possible CSRF attack at questionnaire templates preview
#ExploitObserverAlert
CVE-2024-21812
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21812. An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-21812
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21812. An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23313
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23313. An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-23313
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23313. An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
#ExploitObserverAlert
CVE-2023-48220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-48220. Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
CVE-2023-48220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-48220. Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
#ExploitObserverAlert
CVE-2024-0794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0794. Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.
CVE-2024-0794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0794. Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.
#ExploitObserverAlert
TALOS-2024-1922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1922. Contact Cisco Talos Incident Response.
TALOS-2024-1922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1922. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
TALOS-2024-1920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1920. Contact Cisco Talos Incident Response.
TALOS-2024-1920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1920. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
#ExploitObserverAlert
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
#ExploitObserverAlert
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9