#ExploitObserverAlert
CVE-2016-0705
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2016-0705. Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
FIRST-EPSS: 0.027960000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2016-0705
DESCRIPTION: Exploit Observer has 58 entries related to CVE-2016-0705. Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
FIRST-EPSS: 0.027960000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2014-3507
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2014-3507. Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
FIRST-EPSS: 0.930920000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2014-3507
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2014-3507. Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
FIRST-EPSS: 0.930920000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-44487
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.527480000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-44487
DESCRIPTION: Exploit Observer has 54 entries related to CVE-2023-44487. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
FIRST-EPSS: 0.527480000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-4586
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4586. A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
FIRST-EPSS: 0.000870000
NVD-IS: 5.2
NVD-ES: 2.2
CVE-2023-4586
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4586. A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
FIRST-EPSS: 0.000870000
NVD-IS: 5.2
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2022-3108
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-3108. An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2022-3108
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-3108. An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
FIRST-EPSS: 0.000430000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-8771
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-8771. The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
FIRST-EPSS: 0.061420000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2020-8771
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2020-8771. The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
FIRST-EPSS: 0.061420000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-27961
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-27961. Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.
FIRST-EPSS: 0.000550000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2023-27961
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-27961. Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.
FIRST-EPSS: 0.000550000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2022-4214
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-4214. The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000720000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2022-4214
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2022-4214. The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000720000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-28834
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-28834. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
FIRST-EPSS: 0.017150000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-28834
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2021-28834. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
FIRST-EPSS: 0.017150000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-36942
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2021-36942. Windows LSA Spoofing Vulnerability
FIRST-EPSS: 0.886700000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2021-36942
DESCRIPTION: Exploit Observer has 27 entries related to CVE-2021-36942. Windows LSA Spoofing Vulnerability
FIRST-EPSS: 0.886700000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-22536
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2022-22536. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
FIRST-EPSS: 0.958480000
NVD-IS: 6.0
NVD-ES: 3.9
CVE-2022-22536
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2022-22536. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
FIRST-EPSS: 0.958480000
NVD-IS: 6.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-32443
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32443. An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
FIRST-EPSS: 0.000650000
NVD-IS: 5.2
NVD-ES: 2.8
CVE-2023-32443
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32443. An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
FIRST-EPSS: 0.000650000
NVD-IS: 5.2
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-20610
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20610. Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
FIRST-EPSS: 0.002200000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-20610
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20610. Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
FIRST-EPSS: 0.002200000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-34048
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-34048. vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
FIRST-EPSS: 0.001660000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-34048
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-34048. vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
FIRST-EPSS: 0.001660000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-20609
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20609. Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
FIRST-EPSS: 0.002200000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-20609
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20609. Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
FIRST-EPSS: 0.002200000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-26134
DESCRIPTION: Exploit Observer has 231 entries related to CVE-2022-26134. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
FIRST-EPSS: 0.975190000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-26134
DESCRIPTION: Exploit Observer has 231 entries related to CVE-2022-26134. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
FIRST-EPSS: 0.975190000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-42793
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2023-42793. In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-42793
DESCRIPTION: Exploit Observer has 18 entries related to CVE-2023-42793. In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
FIRST-EPSS: 0.972640000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2021-20611
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20611. Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
FIRST-EPSS: 0.002100000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2021-20611
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2021-20611. Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "28" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, Mitsubishi Electric MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V Firmware versions "16" and prior, Mitsubishi Electric MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, Mitsubishi Electric MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, Mitsubishi Electric MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q172/173DSCPU All versions, Mitsubishi Electric MELSEC Q Series Q170MCPU Operating system software version "W" and prior, Mitsubishi Electric MELSEC Q Series Q170MSCPU(-S1) All versions, Mitsubishi Electric MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, Mitsubishi Electric MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and Mitsubishi Electric MELIPC Series MI5122-VW Firmware versions "05" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.
FIRST-EPSS: 0.002100000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-44262
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-44262. ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).
FIRST-EPSS: 0.003020000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2022-44262
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2022-44262. ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).
FIRST-EPSS: 0.003020000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2008-5161
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2008-5161. Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
FIRST-EPSS: 0.010490000
NVD-IS: 2.9
NVD-ES: 4.9
CVE-2008-5161
DESCRIPTION: Exploit Observer has 53 entries related to CVE-2008-5161. Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
FIRST-EPSS: 0.010490000
NVD-IS: 2.9
NVD-ES: 4.9
#ExploitObserverAlert
CVE-2023-36802
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-36802. Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-36802
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2023-36802. Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
FIRST-EPSS: 0.000540000
NVD-IS: 5.9
NVD-ES: 1.8