Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2024/02/09 9:15 a.m.•53 views

Cross site request forgery (csrf)

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document...

6.5CVSS7.2AI score0.00617EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/11/29 7:15 p.m.•53 views

Null pointer dereference

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

5CVSS6.8AI score0.00985EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/10/25 6:17 p.m.•53 views

Memory corruption

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 119...

7.5CVSS9.7AI score0.00975EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/09/01 11:15 a.m.•53 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

4CVSS4.5AI score0.00711EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/19 6:15 a.m.•53 views

Default credentials

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...

6.8CVSS8.5AI score0.02161EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/03/22 2:15 p.m.•53 views

Design/Logic Flaw

Use After Free vulnerability in Linux kernel traffic control index filter tcindex allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcfextsexec' is called with the destroyed tcfext. A local attacker user can u...

4.3CVSS7.4AI score0.00305EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/03/15 11:15 p.m.•53 views

Command injection

TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before...

5.8CVSS9AI score0.99999EPSS
Exploits7References2Affected Software1
Prion
Prion
•added 2023/03/15 4:15 a.m.•53 views

Directory traversal

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

7.5CVSS9.4AI score0.01545EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/02/06 7:15 p.m.•53 views

Design/Logic Flaw

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

4CVSS9.2AI score0.01103EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•53 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS3.6AI score0.00638EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/11/14 3:15 p.m.•53 views

Improper access control

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

7.5CVSS9.4AI score0.03546EPSS
Exploits2References1Affected Software3
Prion
Prion
•added 2022/04/19 9:15 p.m.•53 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.01496EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/03/04 7:15 p.m.•53 views

Design/Logic Flaw

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

7.1CVSS8AI score0.11586EPSS
Exploits1References10Affected Software12
Prion
Prion
•added 2022/01/01 6:15 a.m.•53 views

Code injection

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

5CVSS7.5AI score0.02931EPSS
Exploits1References6Affected Software7
Prion
Prion
•added 2021/10/07 4:15 p.m.•53 views

Code injection

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are...

4.3CVSS6.6AI score0.19433EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2021/10/04 4:15 a.m.•53 views

Memory corruption

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

4.3CVSS5.7AI score0.01724EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2021/09/16 3:15 p.m.•53 views

Design/Logic Flaw

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

6.8CVSS9.1AI score0.99999EPSS
Exploits5References19Affected Software9
Prion
Prion
•added 2021/09/15 10:15 p.m.•53 views

Authentication flaw

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

10CVSS9.5AI score0.99871EPSS
Exploits12References3Affected Software19
Prion
Prion
•added 2021/07/15 5:15 p.m.•53 views

Security feature bypass

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5CVSS6.1AI score0.99298EPSS
Exploits11References38Affected Software12
Prion
Prion
•added 2021/03/09 8:15 p.m.•53 views

Design/Logic Flaw

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

5.1CVSS7.4AI score0.88644EPSS
Exploits5References14Affected Software4
Prion
Prion
•added 2018/09/12 11:29 p.m.•53 views

Design/Logic Flaw

Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473...

4.3CVSS6AI score0.02273EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2017/12/07 4:29 p.m.•53 views

Buffer overflow

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

4.3CVSS5.9AI score0.83645EPSS
Exploits1References27Affected Software3
Prion
Prion
•added 2016/06/27 10:59 a.m.•53 views

Race condition

Race condition in the vopioctl function in drivers/misc/mic/vop/vopvringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service memory corruption and system crash by changing a certain header, ak...

5.4CVSS6.7AI score0.00404EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2015/01/09 2:59 a.m.•53 views

Memory corruption

Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service memory consumption by sending many duplicate records for the next epoch, leading to failure of replay detection...

5CVSS7AI score0.59319EPSS
Exploits0References31Affected Software1
Prion
Prion
•added 2014/01/08 4:55 p.m.•53 views

Information disclosure

The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2...

4.9CVSS5.6AI score0.0048EPSS
Exploits0References19Affected Software1
Prion
Prion
•added 2012/06/07 10:55 p.m.•53 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

10CVSS8.4AI score0.98113EPSS
Exploits13References22Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•52 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS4.6AI score0.00884EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/16 4:15 p.m.•52 views

Command injection

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issue...

7.5CVSS8.6AI score0.99571EPSS
Exploits27References1Affected Software1
Prion
Prion
•added 2023/08/14 11:15 p.m.•52 views

Default credentials

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution...

6.8CVSS8.3AI score0.03213EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2023/08/08 6:15 p.m.•52 views

Input validation

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access...

7.5CVSS9.6AI score0.01056EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/20 3:15 p.m.•52 views

Type confusion

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5CVSS6AI score0.62606EPSS
Exploits0References11Affected Software4
Prion
Prion
•added 2023/07/18 11:15 p.m.•52 views

Remote code execution

This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high...

4.6CVSS8.8AI score0.02185EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/07/14 10:15 p.m.•52 views

Command injection

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

7.5CVSS6.9AI score0.12996EPSS
Exploits9References1Affected Software1
Prion
Prion
•added 2023/06/22 11:15 p.m.•52 views

Design/Logic Flaw

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...

3.2CVSS6.7AI score0.01395EPSS
Exploits1References11Affected Software4
Prion
Prion
•added 2023/05/31 7:15 p.m.•52 views

Privilege escalation

Windows Digital Media Receiver Elevation of Privilege Vulnerability...

4.3CVSS7.6AI score0.00545EPSS
Exploits0References1Affected Software7
Prion
Prion
•added 2023/03/06 11:15 p.m.•52 views

Design/Logic Flaw

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...

4.3CVSS7.3AI score0.00238EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2023/01/18 12:15 a.m.•52 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•52 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•52 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/05 4:15 p.m.•52 views

Out-of-bounds

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet...

7.5CVSS9.5AI score0.01255EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•52 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.7CVSS6.2AI score0.01027EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/08/25 6:15 p.m.•52 views

Authentication flaw

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...

2.6CVSS6.5AI score0.01501EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/02/09 11:15 p.m.•52 views

Design/Logic Flaw

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

5CVSS7.2AI score0.08325EPSS
Exploits1References7Affected Software4
Prion
Prion
•added 2021/10/11 4:15 p.m.•52 views

Design/Logic Flaw

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.4CVSS7.2AI score0.00111EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/05/14 8:15 p.m.•52 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

2.1CVSS5.4AI score0.00189EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/03/01 12:15 p.m.•52 views

Design/Logic Flaw

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

4.4CVSS7.4AI score0.56636EPSS
Exploits15References18Affected Software12
Prion
Prion
•added 2021/01/20 5:15 p.m.•52 views

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

4.3CVSS3.9AI score0.04873EPSS
Exploits2References7Affected Software4
Prion
Prion
•added 2021/01/20 4:15 p.m.•52 views

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...

4.3CVSS4AI score0.04873EPSS
Exploits2References8Affected Software4
Prion
Prion
•added 2020/10/21 3:15 p.m.•52 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.8CVSS6.2AI score0.03012EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2019/12/06 6:15 p.m.•52 views

Buffer overflow

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5CVSS5.5AI score0.14298EPSS
Exploits0References24Affected Software9
Total number of security vulnerabilities5000