Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2022/12/02 1:15 p.m.40 views

Privilege escalation

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally...

2.1CVSS4.2AI score0.00514EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/10/19 11:15 a.m.40 views

Authentication flaw

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / startapply.htm, an attacker can change the administrator password without any authentication...

5CVSS7.7AI score0.00927EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/10/18 2:15 p.m.40 views

Authentication flaw

An authentication bypass using an alternate path or channel CWE-288 in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform...

7.5CVSS9.7AI score0.99984EPSS
Exploits25References3Affected Software3
Prion
Prion
added 2022/07/11 1:15 a.m.40 views

Path traversal

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

6.4CVSS9.3AI score0.01118EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/07/07 9:15 p.m.40 views

Design/Logic Flaw

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario...

4CVSS5.2AI score0.01173EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/04/12 5:15 a.m.40 views

Sql injection

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

7.5CVSS9.4AI score0.18516EPSS
Exploits3References9Affected Software2
Prion
Prion
added 2022/04/01 11:15 p.m.40 views

Remote code execution

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

7.5CVSS9.4AI score0.99939EPSS
Exploits36References6Affected Software28
Prion
Prion
added 2022/03/23 11:15 a.m.40 views

Design/Logic Flaw

BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSEWAIT status for an indefinite period of time, even after the client has terminated the connection...

4.3CVSS5.7AI score0.02617EPSS
Exploits0References5Affected Software3
Prion
Prion
added 2022/03/15 5:15 p.m.40 views

Code injection

The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

5CVSS7.6AI score0.70561EPSS
Exploits2References28Affected Software6
Prion
Prion
added 2022/03/10 5:47 p.m.40 views

Path traversal

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabl...

4.4CVSS6.9AI score0.01365EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/09 5:15 p.m.40 views

Denial of service

.NET and Visual Studio Denial of Service Vulnerability...

5CVSS7.4AI score0.03228EPSS
Exploits0References1Affected Software5
Prion
Prion
added 2022/01/19 12:15 p.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4CVSS4AI score0.01399EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/01/19 12:15 p.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS4.8AI score0.01976EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2021/12/13 6:15 p.m.40 views

Hardcoded credentials

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

6.8CVSS6.7AI score0.02456EPSS
Exploits0References14Affected Software8
Prion
Prion
added 2021/11/10 5:15 p.m.40 views

Memory corruption

A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...

10CVSS9.7AI score0.19087EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/10/20 11:16 a.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS4.8AI score0.02564EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2021/10/08 9:15 p.m.40 views

Type confusion

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.7AI score0.00876EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2021/09/29 8:15 p.m.40 views

Input validation

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

6.1CVSS8AI score0.00413EPSS
Exploits1References5Affected Software3
Prion
Prion
added 2021/08/24 3:15 p.m.40 views

Buffer overflow

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

5.8CVSS7.8AI score0.50445EPSS
Exploits0References20Affected Software25
Prion
Prion
added 2021/08/12 9:15 p.m.40 views

Design/Logic Flaw

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...

5CVSS7.6AI score0.01294EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/07/14 6:15 p.m.40 views

Privilege escalation

Microsoft Exchange Server Elevation of Privilege Vulnerability...

7.5CVSS8.5AI score0.99987EPSS
Exploits10References3Affected Software1
Prion
Prion
added 2021/07/14 6:15 p.m.40 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

10CVSS8.3AI score0.99999EPSS
Exploits16References3Affected Software1
Prion
Prion
added 2021/07/12 3:15 p.m.40 views

Cross site request forgery (csrf)

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5CVSS5.3AI score0.75353EPSS
Exploits1References16Affected Software22
Prion
Prion
added 2021/06/15 10:15 p.m.40 views

Type confusion

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.6AI score0.64701EPSS
Exploits1References6Affected Software2
Prion
Prion
added 2021/05/06 1:15 p.m.40 views

Design/Logic Flaw

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.2CVSS8.6AI score0.00379EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/04/22 10:15 p.m.40 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

3.5CVSS4.4AI score0.01803EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2021/03/25 10:15 a.m.40 views

Design/Logic Flaw

In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...

10CVSS9.2AI score0.06132EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2021/02/23 11:15 p.m.40 views

Design/Logic Flaw

Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor...

4.3CVSS6.1AI score0.01949EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2021/01/20 3:15 p.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...

2.1CVSS3AI score0.00445EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/01/20 3:15 p.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS4.8AI score0.02157EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/01/20 3:15 p.m.40 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

7CVSS5AI score0.01609EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/01/04 5:15 p.m.40 views

Input validation

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...

5CVSS7.2AI score0.0466EPSS
Exploits1References8Affected Software3
Prion
Prion
added 2020/12/17 7:15 p.m.40 views

Unrestricted file upload

The contact-form-7 aka Contact Form 7 plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters...

10CVSS9.8AI score0.89626EPSS
Exploits4References5Affected Software1
Prion
Prion
added 2020/11/26 2:15 a.m.40 views

Race condition

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The...

5.4CVSS6AI score0.00326EPSS
Exploits1References5Affected Software3
Prion
Prion
added 2020/11/06 8:15 a.m.40 views

Input validation

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...

2.1CVSS5.8AI score0.00562EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2020/11/05 3:15 p.m.40 views

Design/Logic Flaw

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

5CVSS7.4AI score0.01923EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/10/21 3:15 p.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.9AI score0.02621EPSS
Exploits0References9Affected Software4
Prion
Prion
added 2020/10/21 3:15 p.m.40 views

Design/Logic Flaw

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...

5CVSS4.3AI score0.03122EPSS
Exploits0References7Affected Software7
Prion
Prion
added 2020/10/21 3:15 p.m.40 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6.8CVSS5.1AI score0.0288EPSS
Exploits0References7Affected Software5
Prion
Prion
added 2020/10/02 3:15 p.m.40 views

Information disclosure

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5CVSS6.2AI score0.05029EPSS
Exploits2References15Affected Software6
Prion
Prion
added 2020/08/21 9:15 p.m.40 views

Code injection

In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abu...

4CVSS5.5AI score0.0364EPSS
Exploits0References10Affected Software5
Prion
Prion
added 2020/08/17 5:15 p.m.40 views

Design/Logic Flaw

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage...

5CVSS5.4AI score0.01793EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/07/15 6:15 p.m.40 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

3.5CVSS5.1AI score0.02221EPSS
Exploits0References7Affected Software4
Prion
Prion
added 2020/06/29 6:15 p.m.40 views

Design/Logic Flaw

The web interface of Maipu MP1800X-50 7.5.3.14R devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime...

5CVSS6.3AI score0.99876EPSS
Exploits20References1Affected Software1
Prion
Prion
added 2020/06/09 8:15 p.m.40 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266,...

9.3CVSS7.5AI score0.15932EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/04/30 11:15 p.m.40 views

Design/Logic Flaw

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...

5.5CVSS7.9AI score0.13625EPSS
Exploits3References5Affected Software2
Prion
Prion
added 2020/04/27 4:15 a.m.40 views

Sql injection

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...

7.5CVSS9.8AI score0.42164EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/04/21 1:15 p.m.40 views

Design/Logic Flaw

In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

5CVSS7.7AI score0.02247EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2020/04/15 2:15 p.m.40 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3CVSS3.2AI score0.02436EPSS
Exploits0References4Affected Software4
Prion
Prion
added 2020/03/07 1:15 a.m.40 views

Cross site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

4.3CVSS5.4AI score0.04327EPSS
Exploits0References9Affected Software11
Total number of security vulnerabilities5000