Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2022/07/05 4:15 p.m.•42 views

Sql injection

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

8.5CVSS8.7AI score0.03196EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/06/05 10:15 p.m.•42 views

Double free

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...

2.1CVSS5.2AI score0.00426EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2022/04/19 9:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.0133EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/04/19 9:15 p.m.•42 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS2.1AI score0.0175EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/04/19 9:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.01939EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2022/03/04 4:15 p.m.•42 views

Sql injection

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

5.1CVSS7AI score0.01901EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2022/02/14 12:15 p.m.•42 views

Null pointer dereference

In gcdatasegment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a movedatapage NULL pointer dereference...

4.3CVSS5.1AI score0.01234EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2022/02/01 1:15 p.m.•42 views

Sql injection

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...

7.5CVSS9.7AI score0.86896EPSS
Exploits7References2Affected Software1
Prion
Prion
•added 2022/01/18 10:15 p.m.•42 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

3.5CVSS6AI score0.02013EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2022/01/18 4:15 p.m.•42 views

Deserialization of untrusted data

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS9AI score0.52458EPSS
Exploits0References4Affected Software26
Prion
Prion
•added 2022/01/10 4:15 p.m.•42 views

Sql injection

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...

6.5CVSS7.1AI score0.73293EPSS
Exploits6References3Affected Software1
Prion
Prion
•added 2021/12/23 6:15 a.m.•42 views

Design/Logic Flaw

loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...

6.8CVSS7.5AI score0.01439EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2021/10/04 6:15 p.m.•42 views

Design/Logic Flaw

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

4CVSS5.9AI score0.01702EPSS
Exploits0References9Affected Software5
Prion
Prion
•added 2021/09/30 8:15 p.m.•42 views

Hardcoded credentials

REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...

10CVSS9.6AI score0.01227EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/09/16 3:15 p.m.•42 views

Null pointer dereference

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

5CVSS8.3AI score0.64509EPSS
Exploits0References17Affected Software11
Prion
Prion
•added 2021/08/17 7:15 p.m.•42 views

Design/Logic Flaw

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such ...

5CVSS6.1AI score0.0177EPSS
Exploits0References5Affected Software3
Prion
Prion
•added 2021/08/08 8:15 p.m.•42 views

Code injection

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service use-after-free and panic by removing a MAX-3421 USB device in certain situations...

4.6CVSS6.3AI score0.00333EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/07/15 2:15 p.m.•42 views

Sql injection

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic...

2.6CVSS6.8AI score0.07032EPSS
Exploits1References16Affected Software3
Prion
Prion
•added 2021/07/08 7:15 p.m.•42 views

Authorization

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation BPA could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...

4CVSS8.6AI score0.01091EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/06/09 6:15 p.m.•42 views

Cross site request forgery (csrf)

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. I...

5.8CVSS8.1AI score0.00804EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/05/11 7:15 p.m.•42 views

Security feature bypass

Microsoft Exchange Server Security Feature Bypass Vulnerability...

6.5CVSS7.9AI score0.99782EPSS
Exploits11References3Affected Software1
Prion
Prion
•added 2021/04/26 5:15 p.m.•42 views

Design/Logic Flaw

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.09401EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2021/04/23 6:15 p.m.•42 views

Input validation

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

6.8CVSS7.9AI score0.99981EPSS
Exploits39References14Affected Software3
Prion
Prion
•added 2021/04/22 10:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.0278EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/04/02 6:15 p.m.•42 views

Type confusion

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to...

6.8CVSS8.9AI score0.14542EPSS
Exploits0References8Affected Software8
Prion
Prion
•added 2021/03/25 3:15 p.m.•42 views

Null pointer dereference

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

4.3CVSS6.5AI score0.62906EPSS
Exploits3References28Affected Software68
Prion
Prion
•added 2021/01/20 3:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS4.8AI score0.02157EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/01/18 8:15 p.m.•42 views

Directory traversal

Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...

5CVSS7.3AI score0.70595EPSS
Exploits2References10Affected Software4
Prion
Prion
•added 2020/10/21 3:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6.8CVSS5.1AI score0.0288EPSS
Exploits0References7Affected Software5
Prion
Prion
•added 2020/10/16 5:15 p.m.•42 views

Null pointer dereference

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra...

7.5CVSS9.3AI score0.02743EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2020/09/23 1:15 p.m.•42 views

Design/Logic Flaw

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS5.8AI score0.02712EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2020/09/03 11:15 p.m.•42 views

Design/Logic Flaw

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service Segmentation fault or possibly have unspecified other impact...

6.8CVSS8AI score0.01055EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/08/07 4:15 p.m.•42 views

Information disclosure

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

4.3CVSS8.4AI score0.58716EPSS
Exploits2References26Affected Software12
Prion
Prion
•added 2020/07/30 9:15 p.m.•42 views

Design/Logic Flaw

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...

4.3CVSS4.8AI score0.05228EPSS
Exploits0References15Affected Software9
Prion
Prion
•added 2020/07/29 8:15 p.m.•42 views

Buffer overflow

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...

4.4CVSS6.7AI score0.00436EPSS
Exploits0References10Affected Software2
Prion
Prion
•added 2020/07/15 6:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.02237EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2020/07/14 3:15 p.m.•42 views

Denial of service

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

5CVSS7.2AI score0.87553EPSS
Exploits1References17Affected Software18
Prion
Prion
•added 2020/07/14 1:15 p.m.•42 views

Authentication flaw

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

10CVSS10AI score0.94719EPSS
Exploits6References5Affected Software1
Prion
Prion
•added 2020/04/01 4:15 a.m.•42 views

Code injection

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

4.3CVSS6.1AI score0.02767EPSS
Exploits1References8Affected Software4
Prion
Prion
•added 2020/03/06 5:15 p.m.•42 views

Remote code execution

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets...

10CVSS9.7AI score0.99941EPSS
Exploits6References6Affected Software1
Prion
Prion
•added 2019/11/04 4:15 p.m.•42 views

Race condition

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during...

6.9CVSS6.6AI score0.00985EPSS
Exploits1References14Affected Software5
Prion
Prion
•added 2019/07/23 11:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS4.8AI score0.02008EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2019/05/16 7:29 p.m.•42 views

Remote code execution

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-089...

9.3CVSS8AI score0.2021EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2019/03/05 11:29 p.m.•42 views

Remote code execution

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604...

6.5CVSS9.5AI score0.99913EPSS
Exploits29References2Affected Software3
Prion
Prion
•added 2018/11/07 2:29 p.m.•42 views

Design/Logic Flaw

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

5.8CVSS6.4AI score0.09801EPSS
Exploits1References14Affected Software5
Prion
Prion
•added 2018/07/13 8:29 p.m.•42 views

Code injection

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...

4.6CVSS7.4AI score0.00455EPSS
Exploits0References2
Prion
Prion
•added 2018/06/12 12:29 p.m.•42 views

Design/Logic Flaw

In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to creat...

6.8CVSS7.3AI score0.02342EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2018/06/11 9:29 p.m.•42 views

Integer overflow

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...

7.5CVSS6.5AI score0.05542EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2018/06/04 4:29 p.m.•42 views

Remote code execution

healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if t...

9.3CVSS7.8AI score0.01752EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2018/03/13 4:29 p.m.•42 views

Design/Logic Flaw

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash...

3.3CVSS6AI score0.06691EPSS
Exploits0References18Affected Software6
Total number of security vulnerabilities5000