#ExploitObserverAlert
PD/http/cves/2023/CVE-2023-34020
DESCRIPTION: Exploit Observer has 2 entries related to PD/http/cves/2023/CVE-2023-34020.
#ExploitObserverAlert
CVE-2023-22515
DESCRIPTION: Exploit Observer has 240 entries related to CVE-2023-22515. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
FIRST-EPSS: 0.955290000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22980
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2022-22980. A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
FIRST-EPSS: 0.010400000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-4395
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-4395. The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
FIRST-EPSS: 0.001560000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-21974
DESCRIPTION: Exploit Observer has 56 entries related to CVE-2021-21974. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
FIRST-EPSS: 0.754340000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2019-9053
DESCRIPTION: Exploit Observer has 49 entries related to CVE-2019-9053. An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
FIRST-EPSS: 0.016140000
NVD-IS: 5.9
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2021-22219
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-22219. All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
FIRST-EPSS: 0.000800000
NVD-IS: 3.6
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2020-7059
DESCRIPTION: Exploit Observer has 17 entries related to CVE-2020-7059. When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
FIRST-EPSS: 0.003070000
NVD-IS: 5.2
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-41048
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-41048. plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds.
FIRST-EPSS: 0.002690000
NVD-IS: 2.7
NVD-ES: 2.3
#ExploitObserverAlert
CVE-2023-4966
DESCRIPTION: Exploit Observer has 339 entries related to CVE-2023-4966. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
FIRST-EPSS: 0.922670000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-33891
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2022-33891. The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
FIRST-EPSS: 0.965350000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
GHSA-r48c-xm7q-2f8v
DESCRIPTION: Exploit Observer has 1 entry related to GHSA-R48C-XM7Q-2F8V.
#ExploitObserverAlert
GHSA-q84w-p2g5-rxw9
DESCRIPTION: Exploit Observer has 3 entries related to GHSA-Q84W-P2G5-RXW9. The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
GHSS: 8.2
#ExploitObserverAlert
CVE-2017-5689
DESCRIPTION: Exploit Observer has 80 entries related to CVE-2017-5689. An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
FIRST-EPSS: 0.974160000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-8ppf-x4gr-2x7g
DESCRIPTION: Exploit Observer has 2 entries related to GHSA-8PPF-X4GR-2X7G.
GHSS: 9.8
#ExploitObserverAlert
CVE-2023-2023
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2023-2023. The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
FIRST-EPSS: 0.000710000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2012-4929
DESCRIPTION: Exploit Observer has 80 entries related to CVE-2012-4929. The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
FIRST-EPSS: 0.001630000
NVD-IS: 2.9
NVD-ES: 4.9
#ExploitObserverAlert
CVE-2019-2215
DESCRIPTION: Exploit Observer has 66 entries related to CVE-2019-2215. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095
FIRST-EPSS: 0.003000000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2016-4656
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2016-4656. The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
FIRST-EPSS: 0.004560000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-28068
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2022-28068. A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
FIRST-EPSS: 0.000460000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-5209
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2023-5209.