#ExploitObserverAlert
CVE-2016-5195
DESCRIPTION: Exploit Observer has 548 entries related to CVE-2016-5195. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
FIRST-EPSS: 0.879360000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2016-5195
DESCRIPTION: Exploit Observer has 548 entries related to CVE-2016-5195. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
FIRST-EPSS: 0.879360000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-29357
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2023-29357. Microsoft SharePoint Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.688010000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-29357
DESCRIPTION: Exploit Observer has 36 entries related to CVE-2023-29357. Microsoft SharePoint Server Elevation of Privilege Vulnerability
FIRST-EPSS: 0.688010000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-gww8-rh9f-5mjq
DESCRIPTION: Exploit Observer has 22 entries related to GHSA-GWW8-RH9F-5MJQ. Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
GHSS: 9.8
GHSA-gww8-rh9f-5mjq
DESCRIPTION: Exploit Observer has 22 entries related to GHSA-GWW8-RH9F-5MJQ. Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
GHSS: 9.8
#ExploitObserverAlert
CVE-2022-21248
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2022-21248. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
FIRST-EPSS: 0.000960000
NVD-IS: 1.4
NVD-ES: 2.2
CVE-2022-21248
DESCRIPTION: Exploit Observer has 22 entries related to CVE-2022-21248. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
FIRST-EPSS: 0.000960000
NVD-IS: 1.4
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2023-47184
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-47184. Auth. (admin ) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar
CVE-2023-47184
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-47184. Auth. (admin ) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar
#ExploitObserverAlert
CVE-2020-13405
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2020-13405. userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
FIRST-EPSS: 0.008120000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-13405
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2020-13405. userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
FIRST-EPSS: 0.008120000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-23752
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.750890000
NVD-IS: 1.4
NVD-ES: 3.9
CVE-2023-23752
DESCRIPTION: Exploit Observer has 87 entries related to CVE-2023-23752. An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
FIRST-EPSS: 0.750890000
NVD-IS: 1.4
NVD-ES: 3.9
#ExploitObserverAlert
GHSA-vx8v-g3p3-88vg
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-VX8V-G3P3-88VG. The secrethash, which the application relies for multiple security measures, can be brute-forced. The hash is quite small, with only 10 characters of only hexadecimal, making 16^10 possilibities ( 1.099.511.627.776 ). The SHA1 of the secret can be obtained via a captcha string and brute-forced offline with an GPU.
GHSS: 7.5
GHSA-vx8v-g3p3-88vg
DESCRIPTION: Exploit Observer has 4 entries related to GHSA-VX8V-G3P3-88VG. The secrethash, which the application relies for multiple security measures, can be brute-forced. The hash is quite small, with only 10 characters of only hexadecimal, making 16^10 possilibities ( 1.099.511.627.776 ). The SHA1 of the secret can be obtained via a captcha string and brute-forced offline with an GPU.
GHSS: 7.5
#ExploitObserverAlert
GHSA-w244-m45p-g2fh
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-W244-M45P-G2FH. Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
GHSS: 8.8
GHSA-w244-m45p-g2fh
DESCRIPTION: Exploit Observer has 1 entries related to GHSA-W244-M45P-G2FH. Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
GHSS: 8.8
#ExploitObserverAlert
CVE-2023-46604
DESCRIPTION: Exploit Observer has 100 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.966470000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-46604
DESCRIPTION: Exploit Observer has 100 entries related to CVE-2023-46604. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
FIRST-EPSS: 0.966470000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-49103
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2023-49103. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
FIRST-EPSS: 0.009170000
CVE-2023-49103
DESCRIPTION: Exploit Observer has 16 entries related to CVE-2023-49103. An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
FIRST-EPSS: 0.009170000
#ExploitObserverAlert
CVE-2023-46695
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46695. An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
FIRST-EPSS: 0.000530000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2023-46695
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46695. An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
FIRST-EPSS: 0.000530000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2022-42537
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42537. Remote code execution
CVE-2022-42537
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42537. Remote code execution
#ExploitObserverAlert
CVE-2022-42539
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42539. Information disclosure
CVE-2022-42539
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-42539. Information disclosure
#ExploitObserverAlert
CVE-2023-47037
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47037. We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability.
FIRST-EPSS: 0.000710000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2023-47037
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-47037. We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability.
FIRST-EPSS: 0.000710000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2021-2394
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2021-2394. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.077170000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2021-2394
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2021-2394. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
FIRST-EPSS: 0.077170000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-1389
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-1389. TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
FIRST-EPSS: 0.063550000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-1389
DESCRIPTION: Exploit Observer has 15 entries related to CVE-2023-1389. TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
FIRST-EPSS: 0.063550000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-42780
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42780. Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2023-42780
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-42780. Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2023-2387
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2387. A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000500000
NVD-IS: 2.7
NVD-ES: 1.7
CVE-2023-2387
DESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2387. A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.000500000
NVD-IS: 2.7
NVD-ES: 1.7
#ExploitObserverAlert
CVE-2023-38545
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-38545. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-38545
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-38545. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
FIRST-EPSS: 0.000650000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-6345
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-6345. Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
FIRST-EPSS: 0.000470000
CVE-2023-6345
DESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-6345. Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
FIRST-EPSS: 0.000470000