Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2024/01/31 1:15 p.m.•43 views

Double free

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftsetelemcatchalldeactivate function checks whether the catch-all set element is active in the current generation instead of the next generation before...

4.3CVSS6.6AI score0.00282EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/12/14 5:15 a.m.•43 views

Improper access control

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7...

6.4CVSS6.8AI score0.00756EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/11/03 1:15 p.m.•43 views

Design/Logic Flaw

Subrion 4.2.1 has a remote command execution vulnerability in the backend...

6.5CVSS8.8AI score0.01277EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/10/23 7:15 a.m.•43 views

Cross site scripting

Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

5CVSS7.3AI score0.02978EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2023/10/10 6:15 p.m.•43 views

Privilege escalation

Skype for Business Elevation of Privilege Vulnerability...

5CVSS5.6AI score0.90353EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/15 7:15 p.m.•44 views

Design/Logic Flaw

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

4CVSS4.7AI score0.01006EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2023/05/26 6:15 p.m.•43 views

Authentication flaw

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

6.4CVSS6.9AI score0.01061EPSS
Exploits2References7Affected Software3
Prion
Prion
•added 2023/04/18 9:15 p.m.•43 views

Design/Logic Flaw

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...

5CVSS5.2AI score0.0326EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2023/03/23 8:15 p.m.•43 views

Deserialization of untrusted data

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

7.5CVSS9.5AI score0.17937EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/03/06 11:15 p.m.•43 views

Privilege escalation

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

7.5CVSS8.7AI score0.00454EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/02/28 8:15 p.m.•43 views

Remote code execution

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

7.5CVSS9.5AI score0.99637EPSS
Exploits23References6Affected Software2
Prion
Prion
•added 2022/12/01 11:15 a.m.•43 views

Deserialization of untrusted data

SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...

7.5CVSS9.7AI score0.99615EPSS
Exploits7References8Affected Software1
Prion
Prion
•added 2022/11/14 11:15 p.m.•43 views

Design/Logic Flaw

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "appropriately short exponents" can be used when there are adequate subgroup constraints, and these sho...

5CVSS7.3AI score0.23061EPSS
Exploits1References11
Prion
Prion
•added 2022/10/13 1:15 p.m.•43 views

Design/Logic Flaw

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

7.5CVSS9.9AI score0.99931EPSS
Exploits41References9Affected Software2
Prion
Prion
•added 2022/09/26 2:15 a.m.•43 views

Design/Logic Flaw

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

7.5CVSS8.7AI score0.95478EPSS
Exploits7References5Affected Software1
Prion
Prion
•added 2022/09/16 9:15 p.m.•43 views

Stack overflow

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

5CVSS7.5AI score0.00383EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/06/09 5:15 p.m.•43 views

Buffer overflow

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...

5CVSS8.4AI score0.04687EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2022/06/09 5:15 p.m.•43 views

Design/Logic Flaw

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

5CVSS8.5AI score0.19008EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2022/04/19 9:15 p.m.•43 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

5CVSS7AI score0.46677EPSS
Exploits6References18Affected Software5
Prion
Prion
•added 2022/04/01 11:15 p.m.•43 views

Race condition

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

4CVSS6.6AI score0.35834EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/03/25 10:15 p.m.•43 views

Code injection

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 inclusive are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This...

7.5CVSS9.6AI score0.01103EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/03/25 9:15 a.m.•43 views

Memory corruption

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

5CVSS7.4AI score0.51733EPSS
Exploits1References29Affected Software16
Prion
Prion
•added 2021/12/22 6:15 a.m.•43 views

Deserialization of untrusted data

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...

7.5CVSS9.6AI score0.83476EPSS
Exploits9References1Affected Software1
Prion
Prion
•added 2021/11/29 4:15 a.m.•43 views

Remote code execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

7.5CVSS9.7AI score0.93514EPSS
Exploits6References5Affected Software3
Prion
Prion
•added 2021/10/25 2:15 p.m.•43 views

Cross site scripting

The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

3.5CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2021/10/05 9:15 a.m.•43 views

Null pointer dereference

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

5CVSS7.3AI score0.24982EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2021/09/07 5:15 p.m.•43 views

Authentication flaw

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...

7.5CVSS9.9AI score0.9896EPSS
Exploits8References3Affected Software1
Prion
Prion
•added 2021/08/12 5:15 p.m.•43 views

Design/Logic Flaw

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...

3.5CVSS5.8AI score0.01188EPSS
Exploits0References6Affected Software10
Prion
Prion
•added 2021/07/09 2:15 p.m.•43 views

Sql injection

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

6.5CVSS9.6AI score0.85619EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/07/09 2:15 p.m.•43 views

Authentication flaw

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

7.5CVSS9.2AI score0.85619EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2021/06/11 4:15 p.m.•43 views

Design/Logic Flaw

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client...

6.8CVSS8.1AI score0.60122EPSS
Exploits1References10Affected Software9
Prion
Prion
•added 2021/06/10 7:15 a.m.•43 views

Heap overflow

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

7.5CVSS9.2AI score0.68067EPSS
Exploits0References13Affected Software7
Prion
Prion
•added 2021/04/27 6:15 a.m.•43 views

Design/Logic Flaw

DISPUTED Unbound before 1.9.5 allows an assertion failure and denial of service in synthcname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

5CVSS8.3AI score0.01989EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/04/22 10:15 p.m.•43 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.5CVSS4.3AI score0.01925EPSS
Exploits0References5Affected Software3
Prion
Prion
•added 2021/03/03 12:15 a.m.•43 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.8CVSS8AI score0.94008EPSS
Exploits5References1Affected Software1
Prion
Prion
•added 2021/02/24 5:15 p.m.•43 views

Remote code execution

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10CVSS9.8AI score0.9957EPSS
Exploits47References4Affected Software2
Prion
Prion
•added 2020/12/03 5:15 p.m.•43 views

Cross site scripting

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

4.3CVSS6AI score0.03934EPSS
Exploits1References8Affected Software6
Prion
Prion
•added 2020/10/21 3:15 p.m.•43 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

6.8CVSS5.1AI score0.0178EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/09/14 5:15 p.m.•43 views

Remote code execution

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

7.5CVSS9.5AI score0.97399EPSS
Exploits15References9Affected Software5
Prion
Prion
•added 2020/09/11 5:15 p.m.•43 views

Security feature bypass

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

7.2CVSS7.9AI score0.07037EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2020/08/19 1:15 p.m.•43 views

Code injection

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...

3.6CVSS6.4AI score0.00361EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2020/07/14 11:15 p.m.•43 views

Remote code execution

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407...

9.3CVSS7.9AI score0.2383EPSS
Exploits0References2Affected Software5
Prion
Prion
•added 2020/06/23 10:15 p.m.•43 views

Authentication flaw

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.3CVSS9.5AI score0.29157EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2020/06/09 8:15 p.m.•43 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266,...

4.6CVSS7.5AI score0.15932EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/02/27 9:15 p.m.•43 views

Information disclosure

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

6.4CVSS8.6AI score0.03976EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2020/02/24 10:15 p.m.•43 views

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS7.1AI score0.09386EPSS
Exploits0References19Affected Software19
Prion
Prion
•added 2019/12/27 2:15 p.m.•43 views

Directory traversal

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...

7.5CVSS9.5AI score0.99999EPSS
Exploits48References10Affected Software3
Prion
Prion
•added 2019/11/25 5:15 p.m.•43 views

Heap overflow

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

5CVSS8.5AI score0.02942EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2019/10/11 7:15 p.m.•43 views

Design/Logic Flaw

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network...

4.6CVSS6.9AI score0.72105EPSS
Exploits27References11
Prion
Prion
•added 2019/10/01 3:15 p.m.•43 views

Deserialization of untrusted data

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

7.5CVSS8.8AI score0.49727EPSS
Exploits10References9Affected Software1
Total number of security vulnerabilities5000