#ExploitObserverAlert
BDU:2024-02609
DESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to BDU:2024-02609. The vulnerability of the LoadIndexFile() and DownloadIndexFile() functions in the repo package and the LoadDir() function in the plugin package of the Kubernetes Helm package manager allows an attacker to cause a denial of service. The vulnerability of the LoadIndexFile() and DownloadIndexFile() functions in the repo package and the LoadDir() function in the plugin package of the Kubernetes Helm package manager is related to the use of uninitialized variables when processing index.yaml and plugin.yaml files. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02609
DESCRIPTION: Exploit Observer has 13 entries in 2 file formats related to BDU:2024-02609. The vulnerability of the LoadIndexFile() and DownloadIndexFile() functions in the repo package and the LoadDir() function in the plugin package of the Kubernetes Helm package manager allows an attacker to cause a denial of service. The vulnerability of the LoadIndexFile() and DownloadIndexFile() functions in the repo package and the LoadDir() function in the plugin package of the Kubernetes Helm package manager is related to the use of uninitialized variables when processing index.yaml and plugin.yaml files. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-41412
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to PD/http/cves/2022/CVE-2022-41412. An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
PD/http/cves/2022/CVE-2022-41412
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to PD/http/cves/2022/CVE-2022-41412. An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
#ExploitObserverAlert
BDU:2024-02627
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02627. The vulnerability in the Grafana monitoring and observation platform, associated with parallel execution using a shared resource with incorrect synchronization, allows an attacker to elevate their privileges. The vulnerability in the Grafana monitoring and observation platform is related to registering a foreign email address as a username. Exploiting the vulnerability could allow a remote attacker to escalate their privileges.
BDU:2024-02627
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02627. The vulnerability in the Grafana monitoring and observation platform, associated with parallel execution using a shared resource with incorrect synchronization, allows an attacker to elevate their privileges. The vulnerability in the Grafana monitoring and observation platform is related to registering a foreign email address as a username. Exploiting the vulnerability could allow a remote attacker to escalate their privileges.
#ExploitObserverAlert
BDU:2024-02593
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02593. Vulnerability of the Grafana monitoring and observability platform, related to exposing confidential information to an unauthorized entity, allows an attacker to gain unauthorized access to protected information. The vulnerability of the Grafana monitoring and observability platform is associated with the ability to search for JWT in the auth_token URL query parameter and use it as an authentication token. Exploiting this vulnerability may enable a remote attacker to gain unauthorized access to protected information.
BDU:2024-02593
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02593. Vulnerability of the Grafana monitoring and observability platform, related to exposing confidential information to an unauthorized entity, allows an attacker to gain unauthorized access to protected information. The vulnerability of the Grafana monitoring and observability platform is associated with the ability to search for JWT in the auth_token URL query parameter and use it as an authentication token. Exploiting this vulnerability may enable a remote attacker to gain unauthorized access to protected information.
#ExploitObserverAlert
BDU:2024-02648
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02648. The vulnerability of the open-source Kubernetes data orchestrator and accelerator for data-intensive Fluid applications is related to improper authorization, allowing an attacker to gain full privileged access to the entire cluster. Exploiting this vulnerability can enable an attacker to gain full privileged access to the entire cluster.
BDU:2024-02648
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02648. The vulnerability of the open-source Kubernetes data orchestrator and accelerator for data-intensive Fluid applications is related to improper authorization, allowing an attacker to gain full privileged access to the entire cluster. Exploiting this vulnerability can enable an attacker to gain full privileged access to the entire cluster.
#ExploitObserverAlert
BDU:2024-02575
DESCRIPTION: Exploit Observer has 15 entries in 5 file formats related to BDU:2024-02575. The vulnerability in the Grafana monitoring and observation platform, associated with improper input neutralization during webpage creation, allows an attacker to conduct cross-site scripting (XSS) attacks. The vulnerability in the Grafana monitoring and observation platform is related to the need to select a forged function and hover the mouse pointer over the description. Exploiting the vulnerability can enable a remote attacker to carry out cross-site scripting (XSS) attacks.
BDU:2024-02575
DESCRIPTION: Exploit Observer has 15 entries in 5 file formats related to BDU:2024-02575. The vulnerability in the Grafana monitoring and observation platform, associated with improper input neutralization during webpage creation, allows an attacker to conduct cross-site scripting (XSS) attacks. The vulnerability in the Grafana monitoring and observation platform is related to the need to select a forged function and hover the mouse pointer over the description. Exploiting the vulnerability can enable a remote attacker to carry out cross-site scripting (XSS) attacks.
#ExploitObserverAlert
BDU:2024-02577
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02577. The vulnerability in the bgpd/bgp_packet.c file of the FRRouting network routing implementation software on Unix-like systems allows an attacker to cause a denial of service. The vulnerability in the bgpd/bgp_packet.c file of the FRRouting network routing implementation software on Unix-like systems is related to the processing of NLRI when the attribute length is zero. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02577
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02577. The vulnerability in the bgpd/bgp_packet.c file of the FRRouting network routing implementation software on Unix-like systems allows an attacker to cause a denial of service. The vulnerability in the bgpd/bgp_packet.c file of the FRRouting network routing implementation software on Unix-like systems is related to the processing of NLRI when the attribute length is zero. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02584
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to BDU:2024-02584. Vulnerability in the RabbitMQ message broker due to the lack of restriction in the HTTP API on the size of the HTTP request body, allowing an attacker to cause a denial of service. The vulnerability in the RabbitMQ message broker is related to the absence of restrictions in the HTTP API on the size of the HTTP request body, making it vulnerable to very large messages. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02584
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to BDU:2024-02584. Vulnerability in the RabbitMQ message broker due to the lack of restriction in the HTTP API on the size of the HTTP request body, allowing an attacker to cause a denial of service. The vulnerability in the RabbitMQ message broker is related to the absence of restrictions in the HTTP API on the size of the HTTP request body, making it vulnerable to very large messages. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
PD/http/cves/2021/CVE-2021-46419
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46419. An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
PD/http/cves/2021/CVE-2021-46419
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46419. An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
#ExploitObserverAlert
BDU:2024-02588
DESCRIPTION: Exploit Observer has 17 entries in 3 file formats related to BDU:2024-02588. Vulnerability in the set of software tools and libraries for working with smart cards OpenSC, associated with improper restriction of memory buffer operations, allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability in the set of software tools and libraries for working with smart cards in OpenSC is related to memory errors during card registration using pkcs15-init. Exploiting the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
BDU:2024-02588
DESCRIPTION: Exploit Observer has 17 entries in 3 file formats related to BDU:2024-02588. Vulnerability in the set of software tools and libraries for working with smart cards OpenSC, associated with improper restriction of memory buffer operations, allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability in the set of software tools and libraries for working with smart cards in OpenSC is related to memory errors during card registration using pkcs15-init. Exploiting the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
#ExploitObserverAlert
BDU:2024-02617
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02617. Vulnerability of the Grafana monitoring and observation platform, arising from incorrect input validation, allows an attacker to bypass existing security restrictions. This vulnerability in the Grafana monitoring and observation platform is related to the ability for users to register with any username/email address they choose. Exploiting this vulnerability could enable an attacker to bypass existing security restrictions.
BDU:2024-02617
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02617. Vulnerability of the Grafana monitoring and observation platform, arising from incorrect input validation, allows an attacker to bypass existing security restrictions. This vulnerability in the Grafana monitoring and observation platform is related to the ability for users to register with any username/email address they choose. Exploiting this vulnerability could enable an attacker to bypass existing security restrictions.
#ExploitObserverAlert
BDU:2024-02585
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02585. The vulnerability of the --fragment option in the OpenVPN software, associated with division by zero errors, allows an attacker to cause a denial of service. The vulnerability of the --fragment option in the OpenVPN software is related to initiating division by zero. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
BDU:2024-02585
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02585. The vulnerability of the --fragment option in the OpenVPN software, associated with division by zero errors, allows an attacker to cause a denial of service. The vulnerability of the --fragment option in the OpenVPN software is related to initiating division by zero. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02586
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02586. Vulnerability in the systemd-tmpfiles file of the Systemd initialization and service management subsystem allows an attacker to cause a denial of service. The vulnerability in the systemd-tmpfiles file of the Systemd initialization and service management subsystem is related to recursion when too many nested directories are created in /tmp. Exploiting the vulnerability may allow an attacker to cause a denial of service.
BDU:2024-02586
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02586. Vulnerability in the systemd-tmpfiles file of the Systemd initialization and service management subsystem allows an attacker to cause a denial of service. The vulnerability in the systemd-tmpfiles file of the Systemd initialization and service management subsystem is related to recursion when too many nested directories are created in /tmp. Exploiting the vulnerability may allow an attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02619
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02619. The vulnerability of the Grafana monitoring and observability platform that leads to the disclosure of confidential information to an unauthorized entity allows an attacker to expose protected information. This vulnerability is related to the transmission of authentication users' cookie files to plugins. Exploiting the vulnerability could enable a remote attacker to access protected information.
BDU:2024-02619
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02619. The vulnerability of the Grafana monitoring and observability platform that leads to the disclosure of confidential information to an unauthorized entity allows an attacker to expose protected information. This vulnerability is related to the transmission of authentication users' cookie files to plugins. Exploiting the vulnerability could enable a remote attacker to access protected information.
#ExploitObserverAlert
BDU:2024-02620
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02620. Vulnerability of the Grafana monitoring and observation platform associated with the disclosure of confidential information to an unauthorized party, enabling the attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is related to the transmission of authentication tokens to certain target plugins. Exploiting this vulnerability could allow a remote attacker to expose protected information.
BDU:2024-02620
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02620. Vulnerability of the Grafana monitoring and observation platform associated with the disclosure of confidential information to an unauthorized party, enabling the attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is related to the transmission of authentication tokens to certain target plugins. Exploiting this vulnerability could allow a remote attacker to expose protected information.
#ExploitObserverAlert
BDU:2024-02595
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to BDU:2024-02595. Vulnerability in the mapValues() function of the Async utility module for working with asynchronous JavaScript allows an attacker to elevate their privileges. This vulnerability in the mapValues() function of the Async utility module for working with asynchronous JavaScript is related to improperly controlled modification of object prototype attributes. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
BDU:2024-02595
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to BDU:2024-02595. Vulnerability in the mapValues() function of the Async utility module for working with asynchronous JavaScript allows an attacker to elevate their privileges. This vulnerability in the mapValues() function of the Async utility module for working with asynchronous JavaScript is related to improperly controlled modification of object prototype attributes. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
#ExploitObserverAlert
BDU:2024-02589
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to BDU:2024-02589. Vulnerability in the set of software tools and libraries for working with OpenSC smart cards is related to incorrect authentication, allowing an attacker to gain unauthorized access, carry out arbitrary actions, or compromise the system. The vulnerability in the set of software tools and libraries for working with OpenSC smart cards is due to the fact that authentication of the token/card by one process can perform cryptographic operations in other processes when passing an empty PIN code of zero length. Exploiting the vulnerability can allow an attacker to gain unauthorized access, carry out arbitrary actions, or compromise the system.
BDU:2024-02589
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to BDU:2024-02589. Vulnerability in the set of software tools and libraries for working with OpenSC smart cards is related to incorrect authentication, allowing an attacker to gain unauthorized access, carry out arbitrary actions, or compromise the system. The vulnerability in the set of software tools and libraries for working with OpenSC smart cards is due to the fact that authentication of the token/card by one process can perform cryptographic operations in other processes when passing an empty PIN code of zero length. Exploiting the vulnerability can allow an attacker to gain unauthorized access, carry out arbitrary actions, or compromise the system.
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-29013
DESCRIPTION: Exploit Observer has 11 entries in 6 file formats related to PD/http/cves/2022/CVE-2022-29013. A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
PD/http/cves/2022/CVE-2022-29013
DESCRIPTION: Exploit Observer has 11 entries in 6 file formats related to PD/http/cves/2022/CVE-2022-29013. A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
#ExploitObserverAlert
BDU:2024-02597
DESCRIPTION: Exploit Observer has 16 entries in 4 file formats related to BDU:2024-02597. "The vulnerability in the monitoring and observability platform Grafana related to cross-site request forgery, allows an attacker to escalate their privileges. The vulnerability in the Grafana monitoring and observability platform is associated with conducting attacks from various sources against authenticated users of Grafana with high privileges. Exploiting this vulnerability could enable a remote attacker to escalate their privileges."
BDU:2024-02597
DESCRIPTION: Exploit Observer has 16 entries in 4 file formats related to BDU:2024-02597. "The vulnerability in the monitoring and observability platform Grafana related to cross-site request forgery, allows an attacker to escalate their privileges. The vulnerability in the Grafana monitoring and observability platform is associated with conducting attacks from various sources against authenticated users of Grafana with high privileges. Exploiting this vulnerability could enable a remote attacker to escalate their privileges."
#ExploitObserverAlert
PD/http/cves/2018/CVE-2018-10738
DESCRIPTION: Exploit Observer has 13 entries in 6 file formats related to PD/http/cves/2018/CVE-2018-10738. A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
PD/http/cves/2018/CVE-2018-10738
DESCRIPTION: Exploit Observer has 13 entries in 6 file formats related to PD/http/cves/2018/CVE-2018-10738. A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
#ExploitObserverAlert
BDU:2024-02610
DESCRIPTION: Exploit Observer has 26 entries in 9 file formats related to BDU:2024-02610. Vulnerability in the Node.js follow-redirects module, associated with insufficient protection of sensitive data, allows an attacker to gain unauthorized access to protected information. The vulnerability in the Node.js follow-redirects module is related to inadequate protection of sensitive data. Exploiting the vulnerability could allow a remote attacker to gain unauthorized access to protected information.
BDU:2024-02610
DESCRIPTION: Exploit Observer has 26 entries in 9 file formats related to BDU:2024-02610. Vulnerability in the Node.js follow-redirects module, associated with insufficient protection of sensitive data, allows an attacker to gain unauthorized access to protected information. The vulnerability in the Node.js follow-redirects module is related to inadequate protection of sensitive data. Exploiting the vulnerability could allow a remote attacker to gain unauthorized access to protected information.