ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
#ExploitObserverAlert

CVE-2023-26048

DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-26048. Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

FIRST-EPSS: 0.001310000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-42841

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42841. The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.

FIRST-EPSS: 0.000530000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert

CVE-2022-44268

DESCRIPTION: Exploit Observer has 62 entries related to CVE-2022-44268. ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).

FIRST-EPSS: 0.013800000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2022-22720

DESCRIPTION: Exploit Observer has 25 entries related to CVE-2022-22720. Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

FIRST-EPSS: 0.011430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2020-0688

DESCRIPTION: Exploit Observer has 150 entries related to CVE-2020-0688. A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

FIRST-EPSS: 0.972010000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2023-24441

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-24441. Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

FIRST-EPSS: 0.000910000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2021-34746

DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-34746. A vulnerability in the TACACS authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

FIRST-EPSS: 0.008800000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-1388

DESCRIPTION: Exploit Observer has 212 entries related to CVE-2022-1388. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

FIRST-EPSS: 0.973550000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-23583

DESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-23583. Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

FIRST-EPSS: 0.000440000
#ExploitObserverAlert

CVE-2022-22954

DESCRIPTION: Exploit Observer has 103 entries related to CVE-2022-22954. VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

FIRST-EPSS: 0.973610000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

PD/http/cves/2023/CVE-2023-34020

DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-34020.
#ExploitObserverAlert

CVE-2023-22515

DESCRIPTION: Exploit Observer has 240 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-22980

DESCRIPTION: Exploit Observer has 27 entries related to CVE-2022-22980. A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

FIRST-EPSS: 0.010400000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-4395

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-4395. The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

FIRST-EPSS: 0.001560000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2021-21974

DESCRIPTION: Exploit Observer has 56 entries related to CVE-2021-21974. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

FIRST-EPSS: 0.754340000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert

CVE-2019-9053

DESCRIPTION: Exploit Observer has 49 entries related to CVE-2019-9053. An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

FIRST-EPSS: 0.016140000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert

CVE-2021-22219

DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-22219. All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.

FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert

CVE-2020-7059

DESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-7059. When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

FIRST-EPSS: 0.003070000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2023-41048

DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-41048. plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.

FIRST-EPSS: 0.002690000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert

CVE-2023-4966

DESCRIPTION: Exploit Observer has 339 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert

CVE-2022-33891

DESCRIPTION: Exploit Observer has 40 entries related to CVE-2022-33891. The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

FIRST-EPSS: 0.965350000
NVD-IS: 5.9
NVD-ES: 2.8