ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2023-42951

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42951. The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1. A user may be unable to delete browsing history items.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2023-42942

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42942. This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.

FIRST-EPSS: 0.000440000
#ExploitObserverAlert

CVE-2023-42928

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42928. The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-25151

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25151. The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-25152

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25152. Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-24849

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-24849. Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2023-50923

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-50923. In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed within seemingly normal network traffic."

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2024-26266

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26266. Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2023-42877

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42877. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2023-42858

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42858. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2023-42839

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42839. This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2024-24843

DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24843. Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-1671

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1671. Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2024-1562

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1562. The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2023-52440

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-52440. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() If authblob->SessionKey.Length is bigger than session key size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from SessionKey from client.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2023-42498

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42498. Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2023-42859

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42859. The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2024-24837

DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24837. Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2024-0407

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-0407. Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store.

FIRST-EPSS: 0.000430000
#ExploitObserverAlert

CVE-2023-42953

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42953. A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

FIRST-EPSS: 0.000450000
#ExploitObserverAlert

CVE-2023-42853

DESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-42853. A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

FIRST-EPSS: 0.000450000