#ExploitObserverAlert
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
GHSA-mcqj-7p29-9528
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-mcqj-7p29-9528. MantisBT Host Header Injection vulnerability
#ExploitObserverAlert
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
GHSA-ff72-ff42-c3gw
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-ff72-ff42-c3gw. Cross-site Scripting in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
CVE-2024-24474
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24474. Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote attacker to execute arbitrary code via the async_len variable to the FIFO buffer component.
#ExploitObserverAlert
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2024-23809
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23809. A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-25366
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25366. Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
CVE-2024-25366
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25366. Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.
#ExploitObserverAlert
WLB-2024020066
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020066. InstantCMS 2.16.1 Cross Site Scripting.
WLB-2024020066
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020066. InstantCMS 2.16.1 Cross Site Scripting.
#ExploitObserverAlert
CVE-2024-22824
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22824. An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
CVE-2024-22824
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22824. An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.
#ExploitObserverAlert
CVE-2023-52437
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52437. In the Linux kernel, the following vulnerability has been resolved: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" This reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74. That commit introduced the following race and can cause system hung. md_write_start: raid5d: // mddev->in_sync == 1 set "MD_SB_CHANGE_PENDING" // running before md_write_start wakeup it waiting "MD_SB_CHANGE_PENDING" cleared >>>>>>>>> hung wakeup mddev->thread ... waiting "MD_SB_CHANGE_PENDING" cleared >>>> hung, raid5d should clear this flag but get hung by same flag. The issue reverted commit fixing is fixed by last patch in a new way.
CVE-2023-52437
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52437. In the Linux kernel, the following vulnerability has been resolved: Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" This reverts commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74. That commit introduced the following race and can cause system hung. md_write_start: raid5d: // mddev->in_sync == 1 set "MD_SB_CHANGE_PENDING" // running before md_write_start wakeup it waiting "MD_SB_CHANGE_PENDING" cleared >>>>>>>>> hung wakeup mddev->thread ... waiting "MD_SB_CHANGE_PENDING" cleared >>>> hung, raid5d should clear this flag but get hung by same flag. The issue reverted commit fixing is fixed by last patch in a new way.
#ExploitObserverAlert
GHSA-vp66-gf7w-9m4x
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vp66-gf7w-9m4x. Insufficient Session Expiration in github.com/greenpau/caddy-security
GHSA-vp66-gf7w-9m4x
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-vp66-gf7w-9m4x. Insufficient Session Expiration in github.com/greenpau/caddy-security
#ExploitObserverAlert
CVE-2023-42791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42791. A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2023-42791
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42791. A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
#ExploitObserverAlert
CVE-2024-21682
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21682. This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
CVE-2024-21682
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-21682. This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
#ExploitObserverAlert
CVE-2024-22245
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22245. Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
CVE-2024-22245
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-22245. Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).
#ExploitObserverAlert
GHSA-x989-52fc-4vr4
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-x989-52fc-4vr4. Unencrypted traffic between pods when using Wireguard and an external kvstore
GHSA-x989-52fc-4vr4
DESCRIPTION: Exploit Observer has 4 entries in 3 file formats related to GHSA-x989-52fc-4vr4. Unencrypted traffic between pods when using Wireguard and an external kvstore
#ExploitObserverAlert
CVE-2024-1155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1155. Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-1155
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1155. Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
#ExploitObserverAlert
CVE-2023-52436
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52436. In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.
CVE-2023-52436
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52436. In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.
#ExploitObserverAlert
WLB-2024020064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020064. Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting.
WLB-2024020064
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to WLB-2024020064. Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting.
#ExploitObserverAlert
GHSA-7f2v-5877-rx3x
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-7f2v-5877-rx3x. Code injection in REDAXO
GHSA-7f2v-5877-rx3x
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-7f2v-5877-rx3x. Code injection in REDAXO
#ExploitObserverAlert
GHSA-r969-783f-6jqr
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-r969-783f-6jqr. Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
GHSA-r969-783f-6jqr
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-r969-783f-6jqr. Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
#ExploitObserverAlert
GHSA-9w99-78rj-hmxq
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-9w99-78rj-hmxq. Cross-site scripting (XSS) in the dynamic file uploads
GHSA-9w99-78rj-hmxq
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-9w99-78rj-hmxq. Cross-site scripting (XSS) in the dynamic file uploads
#ExploitObserverAlert
CVE-2023-52439
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52439. In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then: 1. After core-1 kfree idev, the core-2 will do use-after-free for idev. 2. When core-2 do uio_release and put_device, the idev will be double freed. To address this issue, we can get idev atomic & inc idev reference with minor_lock.
CVE-2023-52439
DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52439. In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then: 1. After core-1 kfree idev, the core-2 will do use-after-free for idev. 2. When core-2 do uio_release and put_device, the idev will be double freed. To address this issue, we can get idev atomic & inc idev reference with minor_lock.
#ExploitObserverAlert
GHSA-8hp3-rmr7-xh88
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-8hp3-rmr7-xh88. Open Redirect in github.com/greenpau/caddy-security
GHSA-8hp3-rmr7-xh88
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to GHSA-8hp3-rmr7-xh88. Open Redirect in github.com/greenpau/caddy-security