Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2024/02/26 4:28 p.m.•38 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

7AI score0.00208EPSS
Exploits0References2
Prion
Prion
•added 2024/02/13 4:15 a.m.•38 views

Xxe

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

7.5CVSS7AI score0.94721EPSS
Exploits1References1Affected Software3
Prion
Prion
•added 2024/02/05 6:15 a.m.•38 views

Input validation

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...

5CVSS7.3AI score0.01205EPSS
Exploits0References1
Prion
Prion
•added 2024/01/29 1:15 p.m.•38 views

Design/Logic Flaw

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

5CVSS7.1AI score0.01149EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/01/16 4:15 p.m.•38 views

Sql injection

The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

7.5CVSS7.9AI score0.0084EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2024/01/12 5:15 p.m.•38 views

Command injection

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...

5.8CVSS8AI score0.99999EPSS
Exploits23References2Affected Software2
Prion
Prion
•added 2024/01/09 6:15 p.m.•38 views

Privilege escalation

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

4.3CVSS7AI score0.11509EPSS
Exploits0References1Affected Software8
Prion
Prion
•added 2024/01/09 6:15 p.m.•38 views

Spoofing

Microsoft Bluetooth Driver Spoofing Vulnerability...

2.9CVSS6.9AI score0.0583EPSS
Exploits3References1Affected Software7
Prion
Prion
•added 2024/01/05 5:15 p.m.•38 views

Design/Logic Flaw

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

1.7CVSS5.5AI score0.02501EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/12/14 5:15 a.m.•38 views

Design/Logic Flaw

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

6.5CVSS7.1AI score0.0104EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/12/07 10:15 p.m.•38 views

Deserialization of untrusted data

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqosexpressdevices/smartqosnormaldevices leads to deserialization. It is possible to...

9CVSS7AI score0.02347EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/12/04 11:15 p.m.•38 views

Design/Logic Flaw

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...

5CVSS6.9AI score0.04777EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/11/14 9:15 p.m.•38 views

Authentication flaw

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

7.5CVSS7.9AI score0.01345EPSS
Exploits4References4Affected Software1
Prion
Prion
•added 2023/11/14 7:15 p.m.•38 views

Race condition

A race condition in System Management Mode SMM code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation...

5.1CVSS7.3AI score0.18404EPSS
Exploits9References1Affected Software71
Prion
Prion
•added 2023/11/14 6:15 p.m.•38 views

Security feature bypass

Microsoft Office Security Feature Bypass Vulnerability...

4.3CVSS7AI score0.2997EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/11/10 7:15 p.m.•38 views

Code injection

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

5CVSS7AI score0.01592EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/11/03 8:15 p.m.•38 views

Design/Logic Flaw

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

5.8CVSS8.1AI score0.02464EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/11/02 3:15 p.m.•38 views

Sql injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

7.5CVSS9.9AI score0.007EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/11/02 2:15 p.m.•38 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.9AI score
Exploits0
Prion
Prion
•added 2023/10/27 4:15 a.m.•38 views

Command injection

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...

7.5CVSS9.8AI score0.20477EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2023/10/27 3:15 a.m.•38 views

Race condition

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory and th...

3.5CVSS6.5AI score0.00693EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/10/25 6:17 p.m.•38 views

Design/Logic Flaw

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

5CVSS7.5AI score0.00644EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/16 11:15 a.m.•38 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in 10 Quality Post Gallery plugin = 2.3.12 versions...

6.8CVSS8.8AI score0.00214EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/10/12 5:15 p.m.•39 views

Design/Logic Flaw

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

5CVSS7.4AI score0.01364EPSS
Exploits0References9Affected Software1
Prion
Prion
•added 2023/10/06 4:15 p.m.•38 views

Design/Logic Flaw

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability...

6.8CVSS9.1AI score0.01408EPSS
Exploits0References5Affected Software3
Prion
Prion
•added 2023/10/04 5:15 p.m.•38 views

Information disclosure

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...

5.5CVSS7.6AI score0.01207EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2023/09/15 9:15 p.m.•38 views

Authentication flaw

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

4CVSS4.8AI score0.00753EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2023/09/12 2:15 a.m.•38 views

Path traversal

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

5CVSS8.3AI score0.01481EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/09/08 3:15 a.m.•38 views

Race condition

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

5CVSS6.7AI score0.98945EPSS
Exploits17References1Affected Software3
Prion
Prion
•added 2023/09/05 10:15 p.m.•38 views

Type confusion

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.8CVSS8.4AI score0.37987EPSS
Exploits2References10Affected Software3
Prion
Prion
•added 2023/08/23 3:15 p.m.•38 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Yoast Yoast SEO: Local plugin = 14.8 versions...

5.8CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/08/10 5:15 p.m.•38 views

Design/Logic Flaw in Fedoraproject - Fedora

A use-after-free flaw was found in net/sched/clsfw.c in classifiers clsfw, clsu32, and clsroute in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue...

4.3CVSS7.3AI score
Exploits0References23Affected Software3
Prion
Prion
•added 2023/08/09 7:15 a.m.•38 views

Hardcoded credentials

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

3.3CVSS5.1AI score0.00339EPSS
Exploits0References1Affected Software6
Prion
Prion
•added 2023/08/08 6:15 p.m.•38 views

Remote code execution

Microsoft Message Queuing MSMQ Remote Code Execution Vulnerability...

7.5CVSS9.4AI score0.01645EPSS
Exploits0References1Affected Software9
Prion
Prion
•added 2023/07/27 12:15 a.m.•38 views

Code injection

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

6.8CVSS8.5AI score0.18185EPSS
Exploits0References6Affected Software6
Prion
Prion
•added 2023/07/21 8:15 p.m.•38 views

Remote code execution

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive insid...

7.5CVSS9.8AI score0.0279EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/07/18 9:15 p.m.•38 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.00987EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/11 1:15 p.m.•38 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Mark Tilly MyCurator Content Curation plugin = 3.74 versions...

4.3CVSS6.6AI score0.00202EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/06/26 7:15 p.m.•38 views

Cross site scripting

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element...

5.8CVSS6.5AI score
Exploits5References3Affected Software1
Prion
Prion
•added 2023/06/22 5:15 a.m.•38 views

Design/Logic Flaw

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...

5CVSS8.4AI score0.01709EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/06/15 7:15 p.m.•38 views

Design/Logic Flaw

In multiple functions of cdmengine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID:...

4.3CVSS7.7AI score0.00072EPSS
Exploits0References1
Prion
Prion
•added 2023/06/09 7:15 p.m.•38 views

Code injection

schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code...

5.8CVSS7.2AI score0.0119EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2023/06/09 6:16 a.m.•38 views

Design/Logic Flaw

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...

4CVSS4.4AI score0.00572EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/05/30 8:15 p.m.•38 views

Input validation

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

4.9CVSS5.5AI score0.03083EPSS
Exploits3References2Affected Software1
Prion
Prion
•added 2023/05/29 9:15 p.m.•38 views

Remote code execution

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: ?PHP instead of ?php in injected data...

6.5CVSS8.9AI score0.79335EPSS
Exploits16References3Affected Software1
Prion
Prion
•added 2023/04/11 9:15 p.m.•38 views

Design/Logic Flaw

A use-after-free flaw was found in btsdioremove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdioremove with an unfinished job, may cause a race problem leading to a UAF on hdev devices...

3.5CVSS6.7AI score0.00387EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2023/03/29 7:15 p.m.•38 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

4.4CVSS7.8AI score0.0077EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/03/29 7:15 p.m.•38 views

Design/Logic Flaw

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

4.3CVSS7.5AI score0.00343EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/03/25 12:15 a.m.•38 views

Integer overflow

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

5CVSS8AI score0.00391EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/03/22 6:15 a.m.•38 views

Design/Logic Flaw

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

5CVSS7.3AI score0.01009EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000