#ExploitObserverAlert
CVE-2023-26244
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-26244. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26246
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-26246. An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-47668
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-47668.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2021-4046
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2021-4046. The m_txtNom and m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.
FIRST-EPSS: 0.000540000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-2094
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-36439
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-36439. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.000610000
NVD-IS: 5.9
NVD-ES: 2.1
#ExploitObserverAlert
CVE-2023-36427
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36427. Windows Hyper-V Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-34020
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-34020.
#ExploitObserverAlert
CVE-2017-1743
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2017-1743. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
FIRST-EPSS: 0.001590000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-28885
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-28885. The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2023-2093
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-2093. A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22372
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-22372. In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-26257
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-26257. An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-38766
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-38766. The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
FIRST-EPSS: 0.000450000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-2773
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2773. A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-30057
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30057. A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
FIRST-EPSS: 0.000580000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2000-0507
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2000-0507. Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
FIRST-EPSS: 0.031470000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-21109
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-21109. In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261589597
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2479
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2479. OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.
FIRST-EPSS: 0.961880000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32434
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-32434. An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
FIRST-EPSS: 0.000730000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-38817
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38817. An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8