#ExploitObserverAlert
CVE-2020-1631
DESCRIPTION: Exploit Observer has 1 entry related to CVE-2020-1631. A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission, or obtain J-Web session tokens.
In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
If J-Web is enabled, the attacker could gain the same level of access as anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes:
    user@device> show system processes | match http
    5260 - S 0:00.13 /usr/sbin/httpd-gk -N
    5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf
To summarize:
If HTTP/HTTPS services are disabled, there is no impact from this vulnerability.
If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions.
Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have been injected or files have been accessed. The device administrator can look for these indicators by searching for the string patterns "=*;*
#ExploitObserverAlert
CVE-2021-27116
DESCRIPTION: Exploit Observer has 2 entries related to CVE-2021-27116. An issue was discovered in file profile.go in function MemProf in beego through 2.0.2 that allows attackers to launch symlink attacks locally.
FIRST-EPSS: 0.000480000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-19356
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-19356. Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
FIRST-EPSS: 0.959690000
NVD-IS: 5.9
NVD-ES: 1.6
#ExploitObserverAlert
CVE-2016-3427
DESCRIPTION: Exploit Observer has 75 entries related to CVE-2016-3427. Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
FIRST-EPSS: 0.078110000
NVD-IS: 6.0
NVD-ES: 2.2
#ExploitObserverAlert
CVE-2021-30663
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2021-30663. An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
FIRST-EPSS: 0.003030000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2020-1464
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2020-1464. A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
FIRST-EPSS: 0.033460000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2020-5741
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-5741. Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
FIRST-EPSS: 0.179730000
NVD-IS: 5.9
NVD-ES: 1.2
#ExploitObserverAlert
CVE-2019-2215
DESCRIPTION: Exploit Observer has 65 entries related to CVE-2019-2215. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095
FIRST-EPSS: 0.003000000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2017-11292
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2017-11292. Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
FIRST-EPSS: 0.019570000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2013-3906
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2013-3906. GDI in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
FIRST-EPSS: 0.971310000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2021-30860
DESCRIPTION: Exploit Observer has 32 entries related to CVE-2021-30860. An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001400000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2015-0310
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2015-0310. Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
FIRST-EPSS: 0.919460000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-2033
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2023-2033. Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.015640000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-0158
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-0158. A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
FIRST-EPSS: 0.009790000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-7195
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7195. This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
FIRST-EPSS: 0.970700000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21608
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-21608. Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
FIRST-EPSS: 0.022900000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2012-1889
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2012-1889. Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
FIRST-EPSS: 0.974740000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2004-1464
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2004-1464. Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
FIRST-EPSS: 0.017950000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2020-27930
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2020-27930. A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
FIRST-EPSS: 0.001920000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-36742
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-36742. An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
FIRST-EPSS: 0.001370000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26359
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26359. Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.563320000
NVD-IS: 5.9
NVD-ES: 3.9