#ExploitObserverAlert
CVE-2023-34039
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-34039. Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
FIRST-EPSS: 0.212410000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-34039
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-34039. Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
FIRST-EPSS: 0.212410000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-48149
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-48149. Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-48149
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-48149. Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
FIRST-EPSS: 0.000760000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-42100
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42100. KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
CVE-2022-42100
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42100. KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.
FIRST-EPSS: 0.000510000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2020-0681
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-0681. A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.
FIRST-EPSS: 0.013620000
NVD-IS: 5.9
NVD-ES: 1.6
CVE-2020-0681
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-0681. A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.
FIRST-EPSS: 0.013620000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2023-22515
DESCRIPTION: Exploit Observer has 209 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-22515
DESCRIPTION: Exploit Observer has 209 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-34527
DESCRIPTION: Exploit Observer has 193 entries related to CVE-2021-34527. Windows Print Spooler Remote Code Execution Vulnerability
FIRST-EPSS: 0.967920000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2021-34527
DESCRIPTION: Exploit Observer has 193 entries related to CVE-2021-34527. Windows Print Spooler Remote Code Execution Vulnerability
FIRST-EPSS: 0.967920000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-36054
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36054. lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
FIRST-EPSS: 0.002320000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-36054
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-36054. lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
FIRST-EPSS: 0.002320000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-20198
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2023-20198. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
FIRST-EPSS: 0.925950000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2023-20198
DESCRIPTION: Exploit Observer has 153 entries related to CVE-2023-20198. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
FIRST-EPSS: 0.925950000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-36934
DESCRIPTION: Exploit Observer has 100 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-36934
DESCRIPTION: Exploit Observer has 100 entries related to CVE-2021-36934. Windows Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000870000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-45382
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-45382. A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
FIRST-EPSS: 0.946040000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-45382
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-45382. A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.
FIRST-EPSS: 0.946040000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2018-6574
DESCRIPTION: Exploit Observer has 121 entries related to CVE-2018-6574. Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
FIRST-EPSS: 0.007090000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2018-6574
DESCRIPTION: Exploit Observer has 121 entries related to CVE-2018-6574. Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
FIRST-EPSS: 0.007090000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-4528
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-4528. Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.2
CVE-2023-4528
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-4528. Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
FIRST-EPSS: 0.000520000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2021-25395
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-25395. A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
FIRST-EPSS: 0.002380000
NVD-IS: 5.9
NVD-ES: 0.5
CVE-2021-25395
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-25395. A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
FIRST-EPSS: 0.002380000
NVD-IS: 5.9
NVD-ES: 0.5
#ExploitObserverAlert
CVE-2023-4966
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-4966
DESCRIPTION: Exploit Observer has 120 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32031
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-32031. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.143360000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-32031
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-32031. Microsoft Exchange Server Remote Code Execution Vulnerability
FIRST-EPSS: 0.143360000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-0705
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2016-0705. Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
FIRST-EPSS: 0.027960000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-0705
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2016-0705. Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
FIRST-EPSS: 0.027960000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-3507
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2014-3507. Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
FIRST-EPSS: 0.930920000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2014-3507
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2014-3507. Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
FIRST-EPSS: 0.930920000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-44487
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.527480000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-44487
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.527480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4586
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4586. A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
FIRST-EPSS: 0.000870000
NVD-IS: 5.2
NVD-ES: 2.2
CVE-2023-4586
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4586. A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
FIRST-EPSS: 0.000870000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2022-3108
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-3108. An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2022-3108
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-3108. An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-8771
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-8771. The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
FIRST-EPSS: 0.061420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-8771
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-8771. The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
FIRST-EPSS: 0.061420000
NVD-IS: 5.9
NVD-ES: 3.9