#ExploitObserverAlert
CVE-2021-30860
DESCRIPTION: Exploit Observer has 32 entries related to CVE-2021-30860. An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001400000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-30860
DESCRIPTION: Exploit Observer has 32 entries related to CVE-2021-30860. An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001400000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2015-0310
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2015-0310. Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
FIRST-EPSS: 0.919460000
NVD-IS: 10.0
NVD-ES: 10.0
CVE-2015-0310
DESCRIPTION: Exploit Observer has 8 entries related to CVE-2015-0310. Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
FIRST-EPSS: 0.919460000
NVD-IS: 10.0
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2023-2033
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2023-2033. Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.015640000
NVD-IS: 5.9
NVD-ES: 2.8
CVE-2023-2033
DESCRIPTION: Exploit Observer has 23 entries related to CVE-2023-2033. Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.015640000
NVD-IS: 5.9
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2018-0158
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-0158. A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
FIRST-EPSS: 0.009790000
NVD-IS: 4.0
NVD-ES: 3.9
CVE-2018-0158
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2018-0158. A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
FIRST-EPSS: 0.009790000
NVD-IS: 4.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2019-7195
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7195. This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
FIRST-EPSS: 0.970700000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-7195
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-7195. This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
FIRST-EPSS: 0.970700000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2023-21608
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-21608. Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
FIRST-EPSS: 0.022900000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2023-21608
DESCRIPTION: Exploit Observer has 14 entries related to CVE-2023-21608. Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
FIRST-EPSS: 0.022900000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2012-1889
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2012-1889. Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
FIRST-EPSS: 0.974740000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2012-1889
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2012-1889. Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
FIRST-EPSS: 0.974740000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2004-1464
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2004-1464. Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
FIRST-EPSS: 0.017950000
NVD-IS: 2.9
NVD-ES: 10.0
CVE-2004-1464
DESCRIPTION: Exploit Observer has 6 entries related to CVE-2004-1464. Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
FIRST-EPSS: 0.017950000
NVD-IS: 2.9
NVD-ES: 10.0
#ExploitObserverAlert
CVE-2020-27930
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2020-27930. A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
FIRST-EPSS: 0.001920000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-27930
DESCRIPTION: Exploit Observer has 13 entries related to CVE-2020-27930. A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
FIRST-EPSS: 0.001920000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-36742
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-36742. A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
FIRST-EPSS: 0.001370000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-36742
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-36742. A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
FIRST-EPSS: 0.001370000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2023-26359
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26359. Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.563320000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2023-26359
DESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-26359. Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
FIRST-EPSS: 0.563320000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-0041
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2020-0041. In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel
FIRST-EPSS: 0.000810000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2020-0041
DESCRIPTION: Exploit Observer has 40 entries related to CVE-2020-0041. In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel
FIRST-EPSS: 0.000810000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-38000
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-38000. Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
FIRST-EPSS: 0.004040000
NVD-IS: 2.7
NVD-ES: 2.8
CVE-2021-38000
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-38000. Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
FIRST-EPSS: 0.004040000
NVD-IS: 2.7
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2022-32894
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-32894. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001080000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2022-32894
DESCRIPTION: Exploit Observer has 9 entries related to CVE-2022-32894. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
FIRST-EPSS: 0.001080000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2021-21315
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2021-21315. The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
FIRST-EPSS: 0.968640000
NVD-IS: 5.9
NVD-ES: 1.8
CVE-2021-21315
DESCRIPTION: Exploit Observer has 41 entries related to CVE-2021-21315. The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
FIRST-EPSS: 0.968640000
NVD-IS: 5.9
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2004-0210
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2004-0210. The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
FIRST-EPSS: 0.001210000
NVD-IS: 10.0
NVD-ES: 3.9
CVE-2004-0210
DESCRIPTION: Exploit Observer has 4 entries related to CVE-2004-0210. The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
FIRST-EPSS: 0.001210000
NVD-IS: 10.0
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2012-4969
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2012-4969. Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
FIRST-EPSS: 0.847520000
NVD-IS: 10.0
NVD-ES: 8.6
CVE-2012-4969
DESCRIPTION: Exploit Observer has 11 entries related to CVE-2012-4969. Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
FIRST-EPSS: 0.847520000
NVD-IS: 10.0
NVD-ES: 8.6
#ExploitObserverAlert
CVE-2019-8394
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-8394. Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
FIRST-EPSS: 0.969620000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2019-8394
DESCRIPTION: Exploit Observer has 7 entries related to CVE-2019-8394. Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
FIRST-EPSS: 0.969620000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2016-4655
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2016-4655. The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
FIRST-EPSS: 0.865630000
NVD-IS: 3.6
NVD-ES: 1.8
CVE-2016-4655
DESCRIPTION: Exploit Observer has 37 entries related to CVE-2016-4655. The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
FIRST-EPSS: 0.865630000
NVD-IS: 3.6
NVD-ES: 1.8
#ExploitObserverAlert
CVE-2019-5544
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2019-5544. OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
FIRST-EPSS: 0.042850000
NVD-IS: 5.9
NVD-ES: 3.9
CVE-2019-5544
DESCRIPTION: Exploit Observer has 12 entries related to CVE-2019-5544. OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
FIRST-EPSS: 0.042850000
NVD-IS: 5.9
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2020-5410
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2020-5410. Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
FIRST-EPSS: 0.967940000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2020-5410
DESCRIPTION: Exploit Observer has 55 entries related to CVE-2020-5410. Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
FIRST-EPSS: 0.967940000
NVD-IS: 3.6
NVD-ES: 3.9