Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2023/07/13 10:15 a.m.•41 views

Design/Logic Flaw

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

5.8CVSS6AI score0.00559EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/11 6:15 p.m.•41 views

Security feature bypass

Microsoft SharePoint Server Security Feature Bypass Vulnerability...

5CVSS7.5AI score0.01011EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/06/20 12:15 p.m.•41 views

Authentication flaw

DISPUTED Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they ha...

7.5CVSS9.6AI score0.05979EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/06/01 5:15 p.m.•41 views

Heap overflow

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers to cause a DoS ...

1.9CVSS5.7AI score0.01473EPSS
Exploits1References2Affected Software2
Prion
Prion
•added 2023/05/10 9:15 a.m.•41 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Muffingroup Betheme theme = 26.7.5 versions...

5.8CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/04/24 9:15 p.m.•41 views

Cross site scripting

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

4.9CVSS6.7AI score0.01972EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2023/03/22 11:15 a.m.•41 views

Authentication flaw

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

4.3CVSS5.6AI score0.01831EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/02/07 9:15 p.m.•41 views

Design/Logic Flaw

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

6.4CVSS6.5AI score0.01301EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/02/07 1:15 p.m.•41 views

Command injection

A Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 a...

7.5CVSS9.5AI score0.03759EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/02/01 5:15 p.m.•41 views

Memory corruption

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfgop.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed...

7.8CVSS7.6AI score0.00933EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/11/29 9:15 p.m.•41 views

Design/Logic Flaw

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via albumgalleryid0, bwgalbumsearch0, and type0 for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID becau...

1.7CVSS5.6AI score0.1445EPSS
Exploits4References1Affected Software1
Prion
Prion
•added 2022/11/23 3:15 p.m.•41 views

Design/Logic Flaw

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allow code execution and leaking kernel memory respectively remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via...

5.8CVSS8.8AI score0.02014EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.8AI score0.01161EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/10/17 9:15 p.m.•41 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1...

5.8CVSS6.9AI score0.44002EPSS
Exploits7References3Affected Software1
Prion
Prion
•added 2022/08/23 1:15 a.m.•41 views

Open redirect

DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page stat...

4.3CVSS7.1AI score0.0199EPSS
Exploits0References18Affected Software2
Prion
Prion
•added 2022/07/18 7:15 a.m.•41 views

Command injection

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to...

6.5CVSS8.8AI score0.92984EPSS
Exploits12References3Affected Software1
Prion
Prion
•added 2022/07/07 1:15 p.m.•41 views

Privilege escalation

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel...

6.5CVSS7AI score0.24939EPSS
Exploits4References4Affected Software1
Prion
Prion
•added 2022/07/05 4:15 p.m.•41 views

Sql injection

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

8.5CVSS8.7AI score0.03196EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/06/05 10:15 p.m.•41 views

Double free

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...

2.1CVSS5.2AI score0.00426EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2022/04/19 9:15 p.m.•41 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS2.1AI score0.0175EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/04/19 9:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.0133EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/04/01 11:15 p.m.•41 views

Remote code execution

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

7.5CVSS8.7AI score0.99677EPSS
Exploits100References8Affected Software38
Prion
Prion
•added 2022/03/25 7:15 p.m.•41 views

Design/Logic Flaw

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system...

4.6CVSS7.5AI score0.00379EPSS
Exploits0References4Affected Software30
Prion
Prion
•added 2022/03/25 9:15 a.m.•41 views

Memory corruption

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

5CVSS7.4AI score0.51733EPSS
Exploits1References29Affected Software16
Prion
Prion
•added 2022/01/19 12:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4CVSS4.9AI score0.0175EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2022/01/19 12:15 p.m.•41 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5CVSS4.7AI score0.02896EPSS
Exploits0References6Affected Software7
Prion
Prion
•added 2022/01/19 12:15 p.m.•41 views

Design/Logic Flaw

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: OpenSSO Agent. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

7.5CVSS9.4AI score0.96284EPSS
Exploits5References1Affected Software1
Prion
Prion
•added 2022/01/18 4:15 p.m.•41 views

Deserialization of untrusted data

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS9AI score0.52458EPSS
Exploits0References4Affected Software26
Prion
Prion
•added 2022/01/10 4:15 p.m.•41 views

Sql injection

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...

6.5CVSS7.1AI score0.73293EPSS
Exploits6References3Affected Software1
Prion
Prion
•added 2022/01/10 2:12 p.m.•41 views

Input validation

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution...

4.6CVSS8AI score0.00392EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/12/23 6:15 a.m.•41 views

Design/Logic Flaw

loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...

6.8CVSS7.5AI score0.01439EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2021/08/10 3:15 p.m.•41 views

Design/Logic Flaw

The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...

5CVSS7.6AI score0.01996EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/07/30 2:15 p.m.•41 views

Sql injection

SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...

7.5CVSS9.8AI score0.01576EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2021/07/26 5:15 p.m.•41 views

Sql injection

Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...

4CVSS5.4AI score0.01265EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2021/06/11 4:15 p.m.•41 views

Design/Logic Flaw

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client...

6.8CVSS8.1AI score0.60122EPSS
Exploits1References10Affected Software9
Prion
Prion
•added 2021/06/09 2:15 a.m.•41 views

Path traversal

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5CVSS5.9AI score0.7848EPSS
Exploits2References24Affected Software4
Prion
Prion
•added 2021/05/11 7:15 p.m.•41 views

Security feature bypass

Microsoft Exchange Server Security Feature Bypass Vulnerability...

6.5CVSS7.9AI score0.99782EPSS
Exploits11References3Affected Software1
Prion
Prion
•added 2021/04/26 5:15 p.m.•41 views

Design/Logic Flaw

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.09401EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2021/04/22 10:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.0278EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/04/22 10:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS4.8AI score0.02481EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/04/06 5:15 a.m.•41 views

Improper access control

The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used...

4CVSS4.7AI score0.00806EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/03/25 3:15 p.m.•41 views

Null pointer dereference

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

4.3CVSS6.5AI score0.62906EPSS
Exploits3References28Affected Software68
Prion
Prion
•added 2021/03/20 10:15 p.m.•41 views

Integer overflow

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error with a resultant integer underflow affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information...

3.6CVSS5.5AI score0.00577EPSS
Exploits0References9Affected Software4
Prion
Prion
•added 2021/01/18 8:15 p.m.•41 views

Directory traversal

Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...

5CVSS7.3AI score0.70595EPSS
Exploits2References10Affected Software4
Prion
Prion
•added 2020/11/17 2:15 a.m.•41 views

Privilege escalation

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process copy, move, delete as root and changing permissions...

7.2CVSS7.7AI score0.00743EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2020/10/21 3:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS4.9AI score0.02336EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2020/08/17 7:15 p.m.•41 views

Privilege escalation

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...

9.3CVSS6.1AI score0.99512EPSS
Exploits75References17Affected Software10
Prion
Prion
•added 2020/08/07 4:15 p.m.•41 views

Information disclosure

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

4.3CVSS8.4AI score0.58716EPSS
Exploits2References26Affected Software12
Prion
Prion
•added 2020/07/29 8:15 p.m.•41 views

Buffer overflow

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...

4.4CVSS6.7AI score0.00436EPSS
Exploits0References10Affected Software2
Prion
Prion
•added 2020/07/15 6:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.02237EPSS
Exploits0References7Affected Software3
Total number of security vulnerabilities5000