#ExploitObserverAlert
CVE-2015-8835
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2015-8835. The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.
FIRST-EPSS: 0.101390000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2015-8835
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2015-8835. The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.
FIRST-EPSS: 0.101390000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-8p63-mwfp-hjrv
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-8P63-MWFP-HJRV.
GHSA-8p63-mwfp-hjrv
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-8P63-MWFP-HJRV.
#ExploitObserverAlert
CVE-2016-4655
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2016-4655. The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
FIRST-EPSS: 0.865630000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2016-4655
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2016-4655. The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
FIRST-EPSS: 0.865630000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-4252
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4252.
CVE-2023-4252
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4252.
#ExploitObserverAlert
CVE-2023-4911
DESCRIPTION: Exploit Observer has 238 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-4911
DESCRIPTION: Exploit Observer has 238 entries related to CVE-2023-4911. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
FIRST-EPSS: 0.018070000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-48034
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48034. An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
CVE-2023-48034
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-48034. An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
#ExploitObserverAlert
CVE-2023-5620
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5620.
CVE-2023-5620
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-5620.
#ExploitObserverAlert
CVE-2021-33771
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-33771. Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-34514.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-33771
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2021-33771. Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-34514.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-7679
DESCRIPTION: Exploit Observer has 70 entries related to CVE-2017-7679. In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
FIRST-EPSS: 0.006430000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2017-7679
DESCRIPTION: Exploit Observer has 70 entries related to CVE-2017-7679. In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
FIRST-EPSS: 0.006430000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-0160
DESCRIPTION: Exploit Observer has 656 entries related to CVE-2014-0160. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
FIRST-EPSS: 0.975310000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2014-0160
DESCRIPTION: Exploit Observer has 656 entries related to CVE-2014-0160. The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
FIRST-EPSS: 0.975310000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4357
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-4357. Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.001280000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-4357
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-4357. Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.001280000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-36664
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-36664. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
FIRST-EPSS: 0.000550000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-36664
DESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-36664. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
FIRST-EPSS: 0.000550000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2007-1858
DESCRIPTION: Exploit Observer has 43 entries related to CVE-2007-1858. The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
FIRST-EPSS: 0.004720000
NVD-IS: 2.9
NVD-ES: 4.9
CVE-2007-1858
DESCRIPTION: Exploit Observer has 43 entries related to CVE-2007-1858. The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
FIRST-EPSS: 0.004720000
NVD-IS: 2.9
NVD-ES: 4.9
#ExploitObserverAlert
CVE-2010-0249
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2010-0249. Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
FIRST-EPSS: 0.972890000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2010-0249
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2010-0249. Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
FIRST-EPSS: 0.972890000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2016-4657
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2016-4657. WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
FIRST-EPSS: 0.875950000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2016-4657
DESCRIPTION: Exploit Observer has 30 entries related to CVE-2016-4657. WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
FIRST-EPSS: 0.875950000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-27544
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-27544. An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.
FIRST-EPSS: 0.002350000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-27544
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2020-27544. An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.
FIRST-EPSS: 0.002350000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-0226
DESCRIPTION: Exploit Observer has 65 entries related to CVE-2014-0226. Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
FIRST-EPSS: 0.955730000
NVD-IS: 6.4
NVD-ES: 8.6
CVE-2014-0226
DESCRIPTION: Exploit Observer has 65 entries related to CVE-2014-0226. Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
FIRST-EPSS: 0.955730000
NVD-IS: 6.4
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2015-9251
DESCRIPTION: Exploit Observer has 62 entries related to CVE-2015-9251. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
FIRST-EPSS: 0.006600000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2015-9251
DESCRIPTION: Exploit Observer has 62 entries related to CVE-2015-9251. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
FIRST-EPSS: 0.006600000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-31979
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-31979. Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-31979
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-31979. Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514.
FIRST-EPSS: 0.000430000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-2598
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2598. A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-2598
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-2598. A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-29901
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2022-29901. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
FIRST-EPSS: 0.000680000
NVD-IS: 4.0
NVD-ES: 2.0
CVE-2022-29901
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2022-29901. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
FIRST-EPSS: 0.000680000
NVD-IS: 4.0
NVD-ES: 2.0