#ExploitObserverAlert
CVE-2024-25198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25198. Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
CVE-2024-25198
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25198. Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
#ExploitObserverAlert
WLB-2024020065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020065. Ticico - Blind SQL Injection.
WLB-2024020065
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020065. Ticico - Blind SQL Injection.
#ExploitObserverAlert
CVE-2023-6936
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6936. In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
CVE-2023-6936
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2023-6936. In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).
#ExploitObserverAlert
GHSA-f3qm-vfc3-jg6v
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qm-vfc3-jg6v. Possible CSRF attack at questionnaire templates preview
GHSA-f3qm-vfc3-jg6v
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qm-vfc3-jg6v. Possible CSRF attack at questionnaire templates preview
#ExploitObserverAlert
CVE-2024-21812
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21812. An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-21812
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21812. An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23313
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23313. An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-23313
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23313. An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
#ExploitObserverAlert
CVE-2023-48220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-48220. Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
CVE-2023-48220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-48220. Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
#ExploitObserverAlert
CVE-2024-0794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0794. Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.
CVE-2024-0794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0794. Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.
#ExploitObserverAlert
TALOS-2024-1922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1922. Contact Cisco Talos Incident Response.
TALOS-2024-1922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1922. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
TALOS-2024-1920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1920. Contact Cisco Talos Incident Response.
TALOS-2024-1920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1920. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
#ExploitObserverAlert
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
#ExploitObserverAlert
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-25366
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25366. Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
CVE-2024-25366
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25366. Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
#ExploitObserverAlert
WLB-2024020066
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020066. InstantCMS 2.16.1 Cross Site Scripting.
WLB-2024020066
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020066. InstantCMS 2.16.1 Cross Site Scripting.
#ExploitObserverAlert
CVE-2024-22824
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22824. An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
CVE-2024-22824
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22824. An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
#ExploitObserverAlert
CVE-2023-52437
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52437. In the Linux kernel, the following vulnerability has been resolved: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" This reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74. That commit introduced the following race and can cause system hung. md_write_start: raid5d: // mddev->in_sync == 1 set "MD_SB_CHANGE_PENDING" // running before md_write_start wakeup it waiting "MD_SB_CHANGE_PENDING" cleared >>>>>>>>> hung wakeup mddev->thread ... waiting "MD_SB_CHANGE_PENDING" cleared >>>> hung, raid5d should clear this flag but get hung by same flag. The issue reverted commit fixing is fixed by last patch in a new way.
CVE-2023-52437
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52437. In the Linux kernel, the following vulnerability has been resolved: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" This reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74. That commit introduced the following race and can cause system hung. md_write_start: raid5d: // mddev->in_sync == 1 set "MD_SB_CHANGE_PENDING" // running before md_write_start wakeup it waiting "MD_SB_CHANGE_PENDING" cleared >>>>>>>>> hung wakeup mddev->thread ... waiting "MD_SB_CHANGE_PENDING" cleared >>>> hung, raid5d should clear this flag but get hung by same flag. The issue reverted commit fixing is fixed by last patch in a new way.
#ExploitObserverAlert
GHSA-vp66-gf7w-9m4x
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vp66-gf7w-9m4x. Insufficient Session Expiration in github.com/greenpau/caddy-security
GHSA-vp66-gf7w-9m4x
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vp66-gf7w-9m4x. Insufficient Session Expiration in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2023-42791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42791. A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2023-42791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42791. A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
#ExploitObserverAlert
CVE-2024-21682
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21682. This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
CVE-2024-21682
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21682. This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.