#ExploitObserverAlert
CVE-2024-21812
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21812. An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-21812
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21812. An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-23313
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23313. An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-23313
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23313. An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
#ExploitObserverAlert
CVE-2023-48220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-48220. Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
CVE-2023-48220
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-48220. Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database.
#ExploitObserverAlert
CVE-2024-0794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0794. Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.
CVE-2024-0794
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0794. Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.
#ExploitObserverAlert
TALOS-2024-1922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1922. Contact Cisco Talos Incident Response.
TALOS-2024-1922
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1922. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
TALOS-2024-1920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1920. Contact Cisco Talos Incident Response.
TALOS-2024-1920
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to TALOS-2024-1920. Contact Cisco Talos Incident Response.
#ExploitObserverAlert
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
#ExploitObserverAlert
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
#ExploitObserverAlert
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-25366
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25366. Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
CVE-2024-25366
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25366. Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
#ExploitObserverAlert
WLB-2024020066
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020066. InstantCMS 2.16.1 Cross Site Scripting.
WLB-2024020066
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020066. InstantCMS 2.16.1 Cross Site Scripting.
#ExploitObserverAlert
CVE-2024-22824
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22824. An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
CVE-2024-22824
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22824. An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
#ExploitObserverAlert
CVE-2023-52437
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52437. In the Linux kernel, the following vulnerability has been resolved: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" This reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74. That commit introduced the following race and can cause system hung. md_write_start: raid5d: // mddev->in_sync == 1 set "MD_SB_CHANGE_PENDING" // running before md_write_start wakeup it waiting "MD_SB_CHANGE_PENDING" cleared >>>>>>>>> hung wakeup mddev->thread ... waiting "MD_SB_CHANGE_PENDING" cleared >>>> hung, raid5d should clear this flag but get hung by same flag. The issue reverted commit fixing is fixed by last patch in a new way.
CVE-2023-52437
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52437. In the Linux kernel, the following vulnerability has been resolved: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" This reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74. That commit introduced the following race and can cause system hung. md_write_start: raid5d: // mddev->in_sync == 1 set "MD_SB_CHANGE_PENDING" // running before md_write_start wakeup it waiting "MD_SB_CHANGE_PENDING" cleared >>>>>>>>> hung wakeup mddev->thread ... waiting "MD_SB_CHANGE_PENDING" cleared >>>> hung, raid5d should clear this flag but get hung by same flag. The issue reverted commit fixing is fixed by last patch in a new way.
#ExploitObserverAlert
GHSA-vp66-gf7w-9m4x
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vp66-gf7w-9m4x. Insufficient Session Expiration in github.com/greenpau/caddy-security
GHSA-vp66-gf7w-9m4x
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vp66-gf7w-9m4x. Insufficient Session Expiration in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2023-42791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42791. A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2023-42791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42791. A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
#ExploitObserverAlert
CVE-2024-21682
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21682. This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
CVE-2024-21682
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21682. This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
#ExploitObserverAlert
CVE-2024-22245
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22245. Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
CVE-2024-22245
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22245. Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
#ExploitObserverAlert
GHSA-x989-52fc-4vr4
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-x989-52fc-4vr4. Unencrypted traffic between pods when using Wireguard and an external kvstore
GHSA-x989-52fc-4vr4
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-x989-52fc-4vr4. Unencrypted traffic between pods when using Wireguard and an external kvstore
#ExploitObserverAlert
CVE-2024-1155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1155. Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-1155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1155. Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
#ExploitObserverAlert
CVE-2023-52436
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52436. In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.
CVE-2023-52436
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52436. In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.