#ExploitObserverAlert
GHSA-6vqw-3v5j-54x4
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-6vqw-3v5j-54x4. cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
#ExploitObserverAlert
PSS-177224
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177224. ITFlow Cross Site Request Forgery. ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.
#ExploitObserverAlert
PSS-177222
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177222. Red Hat Security Advisory 2024-0930-03. Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.
#ExploitObserverAlert
ZDI-24-187
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-187. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
GHSA-f3qr-qr4x-j273
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-f3qr-qr4x-j273. php-svg-lib lacks path validation on font through SVG inline styles
#ExploitObserverAlert
ZDI-24-185
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-185. Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50233.
#ExploitObserverAlert
ZDI-24-190
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-190. Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
#ExploitObserverAlert
PSS-177220
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177220. WEBIGniter 28.7.23 Cross Site Scripting. WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.
#ExploitObserverAlert
GHSA-vgv8-5cpj-qj2f
DESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to GHSA-vgv8-5cpj-qj2f. pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
#ExploitObserverAlert
PSS-177229
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177229. Ivanti Connect Secure Unauthenticated Remote Code Execution. This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.
#ExploitObserverAlert
PSS-177230
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177230. Yealink Configuration Encrypt Tool Static AES Key. A single, vendor-wide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents.
#ExploitObserverAlert
PSS-177231
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177231. Ubuntu Security Notice USN-6646-1. Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
#ExploitObserverAlert
GHSA-4hfp-m9gv-m753
DESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to GHSA-4hfp-m9gv-m753. XWiki extension license information is public, exposing instance id and license holder details
#ExploitObserverAlert
PSS-177223
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177223. NFC Relay Attack On Tesla Model Y. This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.
#ExploitObserverAlert
PSS-177221
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177221. Red Hat Security Advisory 2024-0845-03. Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
#ExploitObserverAlert
PSS-177218
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177218. Red Hat Security Advisory 2024-0832-03. Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.
#ExploitObserverAlert
PSS-177227
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177227. WordPress 6.4.3 Username Disclosure. WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
#ExploitObserverAlert
ZDI-24-191
DESCRIPTION: Exploit Observer has 2 entries in 1 file format related to ZDI-24-191. Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-0865.
#ExploitObserverAlert
ZDI-24-183
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-183. Apache OFBiz createRegister Error Message Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-23946.
#ExploitObserverAlert
PSS-177225
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to PSS-177225. Ubuntu Security Notice USN-6645-1. Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.
#ExploitObserverAlert
ZDI-24-188
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to ZDI-24-188. Trimble SketchUp SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.