#ExploitObserverAlert
BDU:2024-02577
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02577. The vulnerability in the bgpd/bgp_packet.c file of the FRRouting network routing implementation software on Unix-like systems allows an attacker to cause a denial of service. The vulnerability in the bgpd/bgp_packet.c file of the FRRouting network routing implementation software on Unix-like systems is related to the processing of NLRI when the attribute length is zero. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02584
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to BDU:2024-02584. Vulnerability in the RabbitMQ message broker due to the lack of restriction in the HTTP API on the size of the HTTP request body, allowing an attacker to cause a denial of service. The vulnerability in the RabbitMQ message broker is related to the absence of restrictions in the HTTP API on the size of the HTTP request body, making it vulnerable to very large messages. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
PD/http/cves/2021/CVE-2021-46419
DESCRIPTION: Exploit Observer has 12 entries in 6 file formats related to PD/http/cves/2021/CVE-2021-46419. An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
#ExploitObserverAlert
BDU:2024-02588
DESCRIPTION: Exploit Observer has 17 entries in 3 file formats related to BDU:2024-02588. Vulnerability in the set of software tools and libraries for working with smart cards OpenSC, associated with improper restriction of memory buffer operations, allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability in the set of software tools and libraries for working with smart cards in OpenSC is related to memory errors during card registration using pkcs15-init. Exploiting the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
#ExploitObserverAlert
BDU:2024-02617
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02617. Vulnerability of the Grafana monitoring and observation platform, arising from incorrect input validation, allows an attacker to bypass existing security restrictions. This vulnerability in the Grafana monitoring and observation platform is related to the ability for users to register with any username/email address they choose. Exploiting this vulnerability could enable an attacker to bypass existing security restrictions.
#ExploitObserverAlert
BDU:2024-02585
DESCRIPTION: Exploit Observer has 14 entries in 3 file formats related to BDU:2024-02585. The vulnerability of the --fragment option in the OpenVPN software, associated with division by zero errors, allows an attacker to cause a denial of service. The vulnerability of the --fragment option in the OpenVPN software is related to initiating division by zero. Exploiting the vulnerability could allow a remote attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02586
DESCRIPTION: Exploit Observer has 14 entries in 4 file formats related to BDU:2024-02586. Vulnerability in the systemd-tmpfiles file of the Systemd initialization and service management subsystem allows an attacker to cause a denial of service. The vulnerability in the systemd-tmpfiles file of the Systemd initialization and service management subsystem is related to recursion when too many nested directories are created in /tmp. Exploiting the vulnerability may allow an attacker to cause a denial of service.
#ExploitObserverAlert
BDU:2024-02619
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02619. The vulnerability of the Grafana monitoring and observability platform that leads to the disclosure of confidential information to an unauthorized entity allows an attacker to expose protected information. This vulnerability is related to the transmission of users' authentication cookie files to plugins. Exploiting the vulnerability could enable a remote attacker to access protected information.
#ExploitObserverAlert
BDU:2024-02620
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to BDU:2024-02620. Vulnerability of the Grafana monitoring and observation platform associated with the disclosure of confidential information to an unauthorized party, enabling the attacker to expose protected information. The vulnerability of the Grafana monitoring and observation platform is related to the transmission of authentication tokens to certain target plugins. Exploiting this vulnerability could allow a remote attacker to expose protected information.
#ExploitObserverAlert
BDU:2024-02595
DESCRIPTION: Exploit Observer has 16 entries in 5 file formats related to BDU:2024-02595. Vulnerability in the mapValues() function of the Async utility module for working with asynchronous JavaScript allows an attacker to elevate their privileges. This vulnerability in the mapValues() function of the Async utility module for working with asynchronous JavaScript is related to improperly controlled modification of object prototype attributes. Exploiting the vulnerability could allow a remote attacker to elevate their privileges.
#ExploitObserverAlert
BDU:2024-02589
DESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to BDU:2024-02589. Vulnerability in the set of software tools and libraries for working with OpenSC smart cards is related to incorrect authentication, allowing an attacker to gain unauthorized access, carry out arbitrary actions, or compromise the system. The vulnerability in the set of software tools and libraries for working with OpenSC smart cards is due to the fact that authentication of the token/card by one process can perform cryptographic operations in other processes when passing an empty PIN code of zero length. Exploiting the vulnerability can allow an attacker to gain unauthorized access, carry out arbitrary actions, or compromise the system.
#ExploitObserverAlert
PD/http/cves/2022/CVE-2022-29013
DESCRIPTION: Exploit Observer has 11 entries in 6 file formats related to PD/http/cves/2022/CVE-2022-29013. A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
#ExploitObserverAlert
BDU:2024-02597
DESCRIPTION: Exploit Observer has 16 entries in 4 file formats related to BDU:2024-02597. The vulnerability in the monitoring and observability platform Grafana, related to cross-site request forgery, allows an attacker to escalate their privileges. The vulnerability in the Grafana monitoring and observability platform is associated with conducting attacks from various sources against authenticated users of Grafana with high privileges. Exploiting this vulnerability could enable a remote attacker to escalate their privileges.
#ExploitObserverAlert
PD/http/cves/2018/CVE-2018-10738
DESCRIPTION: Exploit Observer has 13 entries in 6 file formats related to PD/http/cves/2018/CVE-2018-10738. A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
#ExploitObserverAlert
BDU:2024-02610
DESCRIPTION: Exploit Observer has 26 entries in 9 file formats related to BDU:2024-02610. Vulnerability in the Node.js follow-redirects module, associated with insufficient protection of sensitive data, allows an attacker to gain unauthorized access to protected information. The vulnerability in the Node.js follow-redirects module is related to inadequate protection of sensitive data. Exploiting the vulnerability could allow a remote attacker to gain unauthorized access to protected information.
#ExploitObserverAlert
BDU:2024-02621
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to BDU:2024-02621. The vulnerability of the Grafana monitoring and observation platform, related to incorrect cryptographic signature verification, allows an attacker to install malicious software on a vulnerable device. The vulnerability in the Grafana monitoring and observation platform is related to bypassing plugin signature verification. Exploiting the vulnerability can allow a remote attacker to install malicious software on a vulnerable device.
#ExploitObserverAlert
BDU:2024-02598
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to BDU:2024-02598. Vulnerability of the Grafana monitoring and observability platform is related to URL redirection to an untrusted site, allowing an attacker to redirect a user to an arbitrary website. The vulnerability in the Grafana monitoring and observability platform is associated with bypassing security configurations if a malicious data source is operating on an authorized host. Exploiting the vulnerability could allow a remote attacker to redirect a user to an arbitrary site.
#ExploitObserverAlert
BDU:2024-02613
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to BDU:2024-02613. Vulnerability in the adodb_addslashes() function of the adodb library allows an attacker to bypass the authentication process. The vulnerability in the adodb library's adodb_addslashes() function is related to improper authentication. Exploiting this vulnerability may enable a remote attacker to bypass the authentication process.
#ExploitObserverAlert
BDU:2024-02608
DESCRIPTION: Exploit Observer has 27 entries in 5 file formats related to BDU:2024-02608. The vulnerability of the Apache Tomcat application server, associated with inadequate input data validation, allows an attacker to cause a denial of service. The vulnerability of the Apache Tomcat application server is linked to insufficient input data validation. Exploiting this vulnerability may enable a remote attacker to cause a denial of service using specially crafted HTTP/2 requests.
#ExploitObserverAlert
PSS-177936
DESCRIPTION: Exploit Observer has 12 entries in 3 file formats related to PSS-177936. Ubuntu Security Notice USN-6710-2. Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.
#ExploitObserverAlert
BDU:2024-02580
DESCRIPTION: Exploit Observer has 13 entries in 3 file formats related to BDU:2024-02580. Vulnerability of the modular interface between Rack web servers and web applications, related to uncontrolled resource consumption, allowing an attacker to cause a denial of service. The vulnerability of the modular interface between Rack web servers and web applications is associated with the creation of input data that can cause analysis of the Content-Disposition header in Rack to take an unexpected amount of time. Exploiting the vulnerability can allow a remote attacker to cause a denial of service.