#ExploitObserverAlert
CVE-2023-24536
DESCRIPTION: Exploit Observer has 19 entries in 4 file formats related to CVE-2023-24536. Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause a program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With the fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.
FIRST-EPSS: 0.004530000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7024624
#ExploitObserverAlert
CVE-2018-18548
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2018-18548. ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
FIRST-EPSS: 0.001390000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.825083
#ExploitObserverAlert
CVE-2024-32405
DESCRIPTION: Exploit Observer has 4 entries in 2 file formats related to CVE-2024-32405. Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
FIRST-EPSS: 0.000430000
ARPS-PRIORITY: 0.8062153
#ExploitObserverAlert
CVE-2021-32560
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2021-32560. The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
FIRST-EPSS: 0.001180000
NVD-IS: 3.6
NVD-ES: 2.8
ARPS-PRIORITY: 0.7206923
#ExploitObserverAlert
CVE-2022-25887
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2022-25887. The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
FIRST-EPSS: 0.001210000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7187958
#ExploitObserverAlert
CVE-2020-25592
DESCRIPTION: Exploit Observer has 26 entries in 6 file formats related to CVE-2020-25592. In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
FIRST-EPSS: 0.450680000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9190807
#ExploitObserverAlert
WLB-2024040058
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040058. Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass.
ARPS-PRIORITY: 0.8026542
#ExploitObserverAlert
CVE-2022-29622
DESCRIPTION: Exploit Observer has 19 entries in 5 file formats related to CVE-2022-29622. An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled.
FIRST-EPSS: 0.004440000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7061381
#ExploitObserverAlert
CVE-2020-27348
DESCRIPTION: Exploit Observer has 9 entries in 4 file formats related to CVE-2020-27348. In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
FIRST-EPSS: 0.000900000
NVD-IS: 5.5
NVD-ES: 1.3
ARPS-PRIORITY: 0.7040618
#ExploitObserverAlert
CVE-2020-13980
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2020-13980. OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin.
FIRST-EPSS: 0.000720000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8285297
#ExploitObserverAlert
CVE-2021-25282
DESCRIPTION: Exploit Observer has 40 entries in 6 file formats related to CVE-2021-25282. An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.
FIRST-EPSS: 0.852840000
NVD-IS: 5.2
NVD-ES: 3.9
ARPS-PRIORITY: 0.9245408
#ExploitObserverAlert
CVE-2022-24769
DESCRIPTION: Exploit Observer has 27 entries in 5 file formats related to CVE-2022-24769. Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.
FIRST-EPSS: 0.000930000
NVD-IS: 3.4
NVD-ES: 2.5
ARPS-PRIORITY: 0.7313165
#ExploitObserverAlert
CVE-2022-41724
DESCRIPTION: Exploit Observer has 16 entries in 4 file formats related to CVE-2022-41724. Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
FIRST-EPSS: 0.001070000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7237197
#ExploitObserverAlert
CVE-2019-15598
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2019-15598. A Code Injection exists in treekill on Windows which allows remote code execution when an attacker is able to control the input into the command.
FIRST-EPSS: 0.004020000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7180874
#ExploitObserverAlert
CVE-2021-29002
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2021-29002. A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
FIRST-EPSS: 0.000780000
NVD-IS: 2.7
NVD-ES: 2.3
ARPS-PRIORITY: 0.8197031
#ExploitObserverAlert
CVE-2020-7658
DESCRIPTION: Exploit Observer has 8 entries in 2 file formats related to CVE-2020-7658. meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
FIRST-EPSS: 0.001160000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.7195404
#ExploitObserverAlert
CVE-2022-25759
DESCRIPTION: Exploit Observer has 7 entries in 2 file formats related to CVE-2022-25759. The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.
FIRST-EPSS: 0.071250000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.7197403
#ExploitObserverAlert
CVE-2017-7466
DESCRIPTION: Exploit Observer has 17 entries in 3 file formats related to CVE-2017-7466. Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
FIRST-EPSS: 0.004190000
NVD-IS: 5.9
NVD-ES: 2.1
ARPS-PRIORITY: 0.8256592
#ExploitObserverAlert
CVE-2021-46920
DESCRIPTION: Exploit Observer has 10 entries in 2 file formats related to CVE-2021-46920. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback. Current code blindly writes over the SWERR and the OVERFLOW bits. Write back the bits actually read instead so the driver avoids clobbering the OVERFLOW bit that comes after the register is read.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 1.8
ARPS-PRIORITY: 0.7131285
#ExploitObserverAlert
WLB-2024040057
DESCRIPTION: Exploit Observer has 1 entry in 1 file format related to WLB-2024040057. LRMS-PHP-by-oretnom23-v1.0 hat-trick.
ARPS-PRIORITY: 0.8026542
#ExploitObserverAlert
CVE-2024-21511
DESCRIPTION: Exploit Observer has 3 entries in 1 file format related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7131285