#ExploitObserverAlert
BDU:2024-02591
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02591. Vulnerability in the Moodle virtual learning environment, related to improper input neutralization during webpage creation, allows an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is related to previewing the upload of a course containing unsafe data. Exploiting the vulnerability could allow a remote attacker to carry out cross-site scripting (XSS) attacks.
BDU:2024-02591
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02591. Vulnerability in the Moodle virtual learning environment, related to improper input neutralization during webpage creation, allows an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is related to previewing the upload of a course containing unsafe data. Exploiting the vulnerability could allow a remote attacker to carry out cross-site scripting (XSS) attacks.
#ExploitObserverAlert
BDU:2024-02581
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02581. Vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications, which allows an attacker to cause a denial of service. The vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data of the RFC2183 boundary, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02581
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02581. Vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications, which allows an attacker to cause a denial of service. The vulnerability of the Range analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data of the RFC2183 boundary, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02572
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02572. Vulnerability of the Grafana monitoring and observation platform related to the permission list of allowed inputs, enabling an attacker to elevate their privileges. The vulnerability of the Grafana monitoring and observation platform is associated with administrator permissions to change permissions related to organization viewing roles, organization editor, and organization administrator. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
BDU:2024-02572
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02572. Vulnerability of the Grafana monitoring and observation platform related to the permission list of allowed inputs, enabling an attacker to elevate their privileges. The vulnerability of the Grafana monitoring and observation platform is associated with administrator permissions to change permissions related to organization viewing roles, organization editor, and organization administrator. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
#ExploitObserverAlert
BDU:2024-02642
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to BDU:2024-02642. Vulnerability in Microsoft Edge browser, related to security bypass, allows an attacker to circumvent existing security restrictions. The vulnerability in the Microsoft Edge browser is associated with security bypass. Exploiting the vulnerability could enable a remote attacker to circumvent existing security restrictions using a specially crafted HTML page.
BDU:2024-02642
DESCRIPTION: Exploit Observer has 12 entries in 5 file formats related to BDU:2024-02642. Vulnerability in Microsoft Edge browser, related to security bypass, allows an attacker to circumvent existing security restrictions. The vulnerability in the Microsoft Edge browser is associated with security bypass. Exploiting the vulnerability could enable a remote attacker to circumvent existing security restrictions using a specially crafted HTML page.
#ExploitObserverAlert
BDU:2024-02612
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02612. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library allows an attacker to impact the integrity of protected information. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library is related to the use of rand() as a fallback option, which could allow a malicious actor to exploit the lack of entropy without using CSPRNG. Exploiting the vulnerability could allow a remote attacker to impact the integrity of protected information.
BDU:2024-02612
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02612. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library allows an attacker to impact the integrity of protected information. The vulnerability of the autotools component CARES_RANDOM_FILE in the C-ares asynchronous DNS request library is related to the use of rand() as a fallback option, which could allow a malicious actor to exploit the lack of entropy without using CSPRNG. Exploiting the vulnerability could allow a remote attacker to impact the integrity of protected information.
#ExploitObserverAlert
BDU:2024-02630
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02630. Vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language allows an attacker to conduct cross-site scripting attacks. The vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language is related to a lack of protection for the structure of web pages when processing style elements. Exploiting the vulnerability could allow a remote attacker to conduct cross-site scripting attacks.
BDU:2024-02630
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02630. Vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language allows an attacker to conduct cross-site scripting attacks. The vulnerability in the Sanitize::Config::RELAXED component of the Sanitize library for the Ruby programming language is related to a lack of protection for the structure of web pages when processing style elements. Exploiting the vulnerability could allow a remote attacker to conduct cross-site scripting attacks.
#ExploitObserverAlert
BDU:2024-02604
DESCRIPTION: Exploit Observer has 14 entries in 2 file formats related to BDU:2024-02604. Vulnerability in the Apache Tomcat application server, related to incomplete cleaning of temporary or auxiliary resources, allowing an attacker to cause denial of service. The vulnerability in the Apache Tomcat application server is due to incomplete cleaning of temporary or auxiliary resources. Exploiting the vulnerability could allow an attacker, acting remotely, to cause denial of service.
BDU:2024-02604
DESCRIPTION: Exploit Observer has 14 entries in 2 file formats related to BDU:2024-02604. Vulnerability in the Apache Tomcat application server, related to incomplete cleaning of temporary or auxiliary resources, allowing an attacker to cause denial of service. The vulnerability in the Apache Tomcat application server is due to incomplete cleaning of temporary or auxiliary resources. Exploiting the vulnerability could allow an attacker, acting remotely, to cause denial of service.
#ExploitObserverAlert
BDU:2024-02583
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02583. Vulnerability in the trim() function of the trim package allows an attacker to cause a denial of service. This vulnerability is associated with uncontrolled resource consumption. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02583
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02583. Vulnerability in the trim() function of the trim package allows an attacker to cause a denial of service. This vulnerability is associated with uncontrolled resource consumption. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
PD/http/cves/2021/CVE-2021-46418
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46418. An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
PD/http/cves/2021/CVE-2021-46418
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46418. An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
#ExploitObserverAlert
BDU:2024-02615
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02615. The vulnerability of the Grafana monitoring and observation platform, related to improper input sanitization during webpage creation, allows attackers to carry out cross-site scripting (XSS) attacks. The vulnerability of the Grafana monitoring and observation platform is associated with the presence of SVG files that were not properly sanitized, allowing arbitrary JavaScript execution in the context of the current authenticated user of the Grafana instance. Exploiting the vulnerability could enable a remote attacker to perform cross-site scripting (XSS) attacks.
BDU:2024-02615
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02615. The vulnerability of the Grafana monitoring and observation platform, related to improper input sanitization during webpage creation, allows attackers to carry out cross-site scripting (XSS) attacks. The vulnerability of the Grafana monitoring and observation platform is associated with the presence of SVG files that were not properly sanitized, allowing arbitrary JavaScript execution in the context of the current authenticated user of the Grafana instance. Exploiting the vulnerability could enable a remote attacker to perform cross-site scripting (XSS) attacks.
#ExploitObserverAlert
BDU:2024-02574
DESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to BDU:2024-02574. Software vulnerability in OpenVPN related to the use of memory after it has been freed, allowing an attacker to cause a denial of service. The software vulnerability in OpenVPN is related to using memory after it has been freed. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
BDU:2024-02574
DESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to BDU:2024-02574. Software vulnerability in OpenVPN related to the use of memory after it has been freed, allowing an attacker to cause a denial of service. The software vulnerability in OpenVPN is related to using memory after it has been freed. Exploiting the vulnerability could enable a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02596
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02596. The vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to an unauthorized entity, allows an attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is linked to the forwarding of the OAuth identifier of the user who last logged into the system. Exploiting the vulnerability could allow a remote attacker to uncover protected information.
BDU:2024-02596
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02596. The vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to an unauthorized entity, allows an attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is linked to the forwarding of the OAuth identifier of the user who last logged into the system. Exploiting the vulnerability could allow a remote attacker to uncover protected information.
#ExploitObserverAlert
BDU:2024-02582
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02582. A vulnerability in the modular interface between Rack web servers and web applications is related to the inefficient complexity of regular expressions, allowing an attacker to cause a denial of service. The vulnerability in the modular interface between Rack web servers and web applications is linked to input data processing, which could take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02582
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to BDU:2024-02582. A vulnerability in the modular interface between Rack web servers and web applications is related to the inefficient complexity of regular expressions, allowing an attacker to cause a denial of service. The vulnerability in the modular interface between Rack web servers and web applications is linked to input data processing, which could take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02592
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02592. Vulnerability in the virtual learning environment Moodle, related to the exposure of confidential information to an unauthorized entity, allowing the intruder to gain unauthorized access to protected information. The vulnerability of the Moodle virtual learning environment is related to the absence of restricting the mode of separate groups in a summary report of the forum, which displayed users from other groups. Exploiting the vulnerability could allow a remote intruder to gain unauthorized access to protected information.
BDU:2024-02592
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02592. Vulnerability in the virtual learning environment Moodle, related to the exposure of confidential information to an unauthorized entity, allowing the intruder to gain unauthorized access to protected information. The vulnerability of the Moodle virtual learning environment is related to the absence of restricting the mode of separate groups in a summary report of the forum, which displayed users from other groups. Exploiting the vulnerability could allow a remote intruder to gain unauthorized access to protected information.
#ExploitObserverAlert
BDU:2024-02625
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02625. The vulnerability in the Vorbis-tools package, related to the possibility of writing beyond the memory buffer, allows an attacker to trigger a denial of service or execute arbitrary code. The vulnerability in the Vorbis-tools package is associated with the potential for writing beyond the memory buffer when converting WAV files to OGG files. Exploiting the vulnerability could allow an attacker to trigger a denial of service or execute arbitrary code.
BDU:2024-02625
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02625. The vulnerability in the Vorbis-tools package, related to the possibility of writing beyond the memory buffer, allows an attacker to trigger a denial of service or execute arbitrary code. The vulnerability in the Vorbis-tools package is associated with the potential for writing beyond the memory buffer when converting WAV files to OGG files. Exploiting the vulnerability could allow an attacker to trigger a denial of service or execute arbitrary code.
#ExploitObserverAlert
BDU:2024-02579
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to BDU:2024-02579. Vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications allows an attacker to cause a denial of service. The vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02579
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to BDU:2024-02579. Vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications allows an attacker to cause a denial of service. The vulnerability in the Range header analysis component of the modular interface between web servers and Rack web applications is related to the processing of input data, which may take an unexpected amount of time. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02607
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02607. The vulnerability of microcode software in Intel Xeon D processors, related to incorrect computation, allows an attacker to gain unauthorized access to protected information. This vulnerability in the microcode software of Intel Xeon D processors is linked to incorrect computation. Exploiting this vulnerability could enable an attacker to gain unauthorized access to protected information.
BDU:2024-02607
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to BDU:2024-02607. The vulnerability of microcode software in Intel Xeon D processors, related to incorrect computation, allows an attacker to gain unauthorized access to protected information. This vulnerability in the microcode software of Intel Xeon D processors is linked to incorrect computation. Exploiting this vulnerability could enable an attacker to gain unauthorized access to protected information.
#ExploitObserverAlert
BDU:2024-02576
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to BDU:2024-02576. Vulnerability in the ZeroMQ asynchronous message exchange library, related to a stack buffer overflow on the server, allows an attacker to impact system confidentiality, integrity, and availability. The vulnerability in the ZeroMQ asynchronous message exchange library is associated with a stack buffer overflow on the server. Exploiting this vulnerability can enable a remote attacker to affect system confidentiality, integrity, and availability by sending specially crafted subscription requests to topics and then unsubscribing.
BDU:2024-02576
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to BDU:2024-02576. Vulnerability in the ZeroMQ asynchronous message exchange library, related to a stack buffer overflow on the server, allows an attacker to impact system confidentiality, integrity, and availability. The vulnerability in the ZeroMQ asynchronous message exchange library is associated with a stack buffer overflow on the server. Exploiting this vulnerability can enable a remote attacker to affect system confidentiality, integrity, and availability by sending specially crafted subscription requests to topics and then unsubscribing.
#ExploitObserverAlert
PD/http/cves/2024/CVE-2024-29269
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to PD/http/cves/2024/CVE-2024-29269. Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.
PD/http/cves/2024/CVE-2024-29269
DESCRIPTION: Exploit Observer has 6 entries in 4 file formats related to PD/http/cves/2024/CVE-2024-29269. Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.
#ExploitObserverAlert
BDU:2024-02616
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to BDU:2024-02616. Vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to an unauthorized party, allows an attacker to access confidential data. The vulnerability in the Grafana monitoring and observation platform is linked to the use of a forgotten password on the login page, which sends a POST request to the URL `/api/user/password/sent-reset-email`. Exploiting the vulnerability can allow a remote attacker to access confidential data.
BDU:2024-02616
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to BDU:2024-02616. Vulnerability of the Grafana monitoring and observation platform, related to the disclosure of confidential information to an unauthorized party, allows an attacker to access confidential data. The vulnerability in the Grafana monitoring and observation platform is linked to the use of a forgotten password on the login page, which sends a POST request to the URL `/api/user/password/sent-reset-email`. Exploiting the vulnerability can allow a remote attacker to access confidential data.
#ExploitObserverAlert
BDU:2024-02590
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02590. There is a vulnerability in the Moodle virtual learning environment related to improper input neutralization during the creation of web pages, allowing an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is associated with the lack of additional cleaning of Wiki comments. Exploiting this vulnerability could allow a remote attacker to conduct cross-site scripting (XSS) attacks.
BDU:2024-02590
DESCRIPTION: Exploit Observer has 11 entries in 2 file formats related to BDU:2024-02590. There is a vulnerability in the Moodle virtual learning environment related to improper input neutralization during the creation of web pages, allowing an attacker to carry out cross-site scripting (XSS) attacks. The vulnerability in the Moodle virtual learning environment is associated with the lack of additional cleaning of Wiki comments. Exploiting this vulnerability could allow a remote attacker to conduct cross-site scripting (XSS) attacks.