#ExploitObserverAlert
CVE-2023-36427
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36427. Windows Hyper-V Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.0
CVE-2023-36427
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-36427. Windows Hyper-V Elevation of Privilege Vulnerability
FIRST-EPSS: 0.001460000
NVD-IS: 5.9
NVD-ES: 1.0
#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-34020
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-34020.
PD/http/cves/2023/CVE-2023-34020
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-34020.
#ExploitObserverAlert
CVE-2017-1743
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2017-1743. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
FIRST-EPSS: 0.001590000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2017-1743
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2017-1743. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
FIRST-EPSS: 0.001590000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-28885
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28885. The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
CVE-2023-28885
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28885. The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2023-2093
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2093. A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2093
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2093. A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.
FIRST-EPSS: 0.000630000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-22372
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22372. In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.2
CVE-2023-22372
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22372. In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
FIRST-EPSS: 0.000480000
NVD-IS: 3.6
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-26257
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-26257. An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-26257
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-26257. An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-38766
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-38766. The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
FIRST-EPSS: 0.000450000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2022-38766
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2022-38766. The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
FIRST-EPSS: 0.000450000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-2773
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2773. A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-2773
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2773. A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
FIRST-EPSS: 0.000640000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-30057
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30057. A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
FIRST-EPSS: 0.000580000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2021-30057
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-30057. A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
FIRST-EPSS: 0.000580000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2000-0507
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2000-0507. Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
FIRST-EPSS: 0.031470000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2000-0507
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2000-0507. Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
FIRST-EPSS: 0.031470000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-21109
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-21109. In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-21109
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-21109. In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2479
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2479. OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.
FIRST-EPSS: 0.961880000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-2479
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2479. OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.
FIRST-EPSS: 0.961880000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32434
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-32434. An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
FIRST-EPSS: 0.000730000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-32434
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-32434. An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
FIRST-EPSS: 0.000730000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-38817
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38817. An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-38817
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-38817. An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-30399
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30399. Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 2.2
CVE-2023-30399
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30399. Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
FIRST-EPSS: 0.000620000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-49103
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49103. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
FIRST-EPSS: 0.000430000
CVE-2023-49103
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49103. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2023-29389
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-29389. Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
CVE-2023-29389
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-29389. Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.
FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 0.9
#ExploitObserverAlert
CVE-2023-23932
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-23932. OpenDDS is an open source C implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-23932
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-23932. OpenDDS is an open source C implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
FIRST-EPSS: 0.000440000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-30581
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30581. The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
FIRST-EPSS: 0.000430000
CVE-2023-30581
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30581. The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2019-17564
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2019-17564. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
FIRST-EPSS: 0.029430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-17564
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2019-17564. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
FIRST-EPSS: 0.029430000
NVD-IS: 5.9
NVD-ES: 3.9