Prion: Most viewed

213680 matches found

Prion • added 2023/10/31 4:15 a.m. • 37 views

Deserialization of untrusted data

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.32257
Exploits 4 | References 1 | Affected Software 1

Prion • added 2023/10/30 7:15 p.m. • 37 views

Cross site request forgery (csrf)

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS 7.5 | AI score 9.3 | EPSS 0.00347
Exploits 0 | References 3 | Affected Software 1

Prion • added 2023/10/26 6:15 p.m. • 37 views

Stack overflow

A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...

CVSS 5 | AI score 7.2 | EPSS 0.60679
Exploits 4 | References 3 | Affected Software 1

Prion • added 2023/10/25 6:17 p.m. • 37 views

Design/Logic Flaw

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API...

CVSS 3.3 | AI score 4.9 | EPSS 0.01077
Exploits 0 | References 3 | Affected Software 1

Prion • added 2023/10/20 5:15 a.m. • 37 views

Deserialization of untrusted data

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

CVSS 4.3 | AI score 8.2 | EPSS 0.00204
Exploits 0 | References 1 | Affected Software 1

Prion • added 2023/10/18 9:15 p.m. • 37 views

Race condition

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 2.4 | AI score 3.8 | EPSS 0.00444
Exploits 0 | References 7 | Affected Software 3

Prion • added 2023/10/15 1:15 a.m. • 37 views

Code injection

An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...

CVSS 4.3 | AI score 9 | EPSS 0.00544
Exploits 0 | References 4 | Affected Software 1

Prion • added 2023/10/03 6:15 a.m. • 37 views

Memory corruption

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache...

CVSS 7.5 | AI score 9.5 | EPSS 0.00539
Exploits 0 | References 1

Prion • added 2023/09/27 6:15 p.m. • 37 views

Design/Logic Flaw

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under...

CVSS 1.8 | AI score 5.4 | EPSS 0.00231
Exploits 0 | References 1

Prion • added 2023/09/27 3:19 p.m. • 37 views

Design/Logic Flaw

During process shutdown, it was possible that an ImageBitmap was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox 118...

CVSS 7.5 | AI score 8.7 | EPSS 0.00835
Exploits 0 | References 3 | Affected Software 1

Prion • added 2023/09/18 10:15 p.m. • 37 views

Design/Logic Flaw

Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

CVSS 4 | AI score 6.6 | EPSS 0.00453
Exploits 1 | References 2 | Affected Software 1

Prion • added 2023/09/12 12:15 a.m. • 37 views

Code injection

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is...

CVSS 4.4 | AI score 7.8 | EPSS 0.01145
Exploits 1 | References 7 | Affected Software 5

Prion • added 2023/09/11 8:15 p.m. • 38 views

Design/Logic Flaw

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

CVSS 5 | AI score 7.3 | EPSS 0.03495
Exploits 6 | References 2 | Affected Software 1

Prion • added 2023/09/05 10:15 p.m. • 37 views

Remote code execution

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reports_user.php file. In...

CVSS 6.5 | AI score 9.6 | EPSS 0.01689
Exploits 1 | References 4 | Affected Software 2

Prion • added 2023/09/05 10:15 p.m. • 37 views

Command injection

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlyin...

CVSS 5.8 | AI score 7.4 | EPSS 0.82186
Exploits 6 | References 6 | Affected Software 2

Prion • added 2023/09/05 3:15 p.m. • 37 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED. When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API...

CVSS 7.5 | AI score 9.4 | EPSS 0.01931
Exploits 0 | References 3 | Affected Software 1

Prion • added 2023/09/04 3:15 a.m. • 37 views

Out-of-bounds

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530...

CVSS 4 | AI score 6.7 | EPSS 0.00087
Exploits 0 | References 1 | Affected Software 4

Prion • added 2023/08/28 8:15 p.m. • 37 views

Spoofing

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...

CVSS 5.1 | AI score 9.3 | EPSS 0.02434
Exploits 0 | References 2 | Affected Software 17

Prion • added 2023/08/22 7:16 p.m. • 37 views

Design/Logic Flaw

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts...

CVSS 4.4 | AI score 7.4 | EPSS 0.00434
Exploits 1 | References 1 | Affected Software 1

Prion • added 2023/08/08 6:15 p.m. • 37 views

Remote code execution

Microsoft Outlook Remote Code Execution Vulnerability...

CVSS 4.4 | AI score 7.8 | EPSS 0.0121
Exploits 0 | References 1 | Affected Software 2

Prion • added 2023/08/08 6:15 p.m. • 37 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

CVSS 4.3 | AI score 8.6 | EPSS 0.0584
Exploits 0 | References 2 | Affected Software 5

Prion • added 2023/08/03 12:15 p.m. • 37 views

Race condition

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

CVSS 4 | AI score 6.3 | EPSS 0.00519
Exploits 0 | References 1 | Affected Software 16

Prion • added 2023/07/17 2:15 p.m. • 37 views

Cross site scripting

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVSS 5.8 | AI score 6.1 | EPSS 0.00482
Exploits 2 | References 1 | Affected Software 1

Prion • added 2023/07/11 7:15 p.m. • 37 views

Remote code execution

Windows Search Remote Code Execution Vulnerability...

CVSS 5.1 | AI score 7.8 | EPSS 0.99083
Exploits 3 | References 2 | Affected Software 5

Prion • added 2023/07/06 3:15 p.m. • 37 views

Buffer overflow

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

CVSS 5.8 | AI score 7.4 | EPSS 0.01318
Exploits 1 | References 1 | Affected Software 1

Prion • added 2023/06/21 1:15 p.m. • 37 views

Sql injection

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process...

CVSS 7.5 | AI score 9.8 | EPSS 0.14242
Exploits 5 | References 5 | Affected Software 1

Prion • added 2023/06/07 3:15 p.m. • 37 views

Command injection

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution...

CVSS 7.5 | AI score 9.8 | EPSS 0.98243
Exploits 7 | References 2 | Affected Software 1

Prion • added 2023/05/19 12:15 p.m. • 37 views

Design/Logic Flaw

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag...

CVSS 1.7 | AI score 5.5 | EPSS 0.0054
Exploits 2 | References 2 | Affected Software 1

Prion • added 2023/05/10 12:15 p.m. • 37 views

Design/Logic Flaw

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read returns an error. In rare deployment cases (error thrown by the Read function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

CVSS 6.4 | AI score 8 | EPSS 0.00386
Exploits 0 | References 1 | Affected Software 1

Prion • added 2023/05/05 5:15 p.m. • 37 views

Design/Logic Flaw

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the...

CVSS 4 | AI score 6.4 | EPSS 0.0027
Exploits 0 | References 2 | Affected Software 1

Prion • added 2023/05/03 12:15 a.m. • 37 views

Design/Logic Flaw

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...

CVSS 6.8 | AI score 8.9 | EPSS 0.00763
Exploits 0 | References 7 | Affected Software 3

Prion • added 2023/04/11 9:15 p.m. • 37 views

Remote code execution

Microsoft SQL Server Remote Code Execution Vulnerability...

CVSS 7.5 | AI score 8 | EPSS 0.00871
Exploits 0 | References 1 | Affected Software 1

Prion • added 2023/04/10 8:15 p.m. • 37 views

Input validation

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4)...

CVSS 5.1 | AI score 8 | EPSS 0.37835
Exploits 4 | References 3 | Affected Software 26

Prion • added 2023/04/06 4:15 p.m. • 37 views

Design/Logic Flaw

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

CVSS 7.5 | AI score 9.4 | EPSS 0.02281
Exploits 0 | References 5 | Affected Software 1

Prion • added 2023/04/05 7:15 p.m. • 37 views

Double free

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

CVSS 3.2 | AI score 6 | EPSS 0.00251
Exploits 0 | References 2 | Affected Software 1

Prion • added 2023/03/30 8:15 p.m. • 37 views

Authentication flaw

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

CVSS 1.7 | AI score 6.9 | EPSS 0.01162
Exploits 1 | References 4 | Affected Software 4

Prion • added 2023/03/14 5:15 p.m. • 37 views

Privilege escalation

Microsoft Outlook Elevation of Privilege Vulnerability...

CVSS 7.5 | AI score 9.4 | EPSS 0.97408
Exploits 18 | References 1 | Affected Software 2

Prion • added 2023/03/13 12:15 p.m. • 37 views

Format string

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service...

CVSS 7.5 | AI score 9.2 | EPSS 0.34305
Exploits 0 | References 3

Prion • added 2023/03/08 8:15 p.m. • 37 views

Code injection

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVSS 5 | AI score 7.1 | EPSS 0.00817
Exploits 0 | References 4 | Affected Software 1

Prion • added 2023/03/07 4:15 p.m. • 37 views

Design/Logic Flaw

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

CVSS 5 | AI score 8.3 | EPSS 0.02134
Exploits 0 | References 3 | Affected Software 3

Prion • added 2023/03/06 11:15 p.m. • 37 views

Stack overflow

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free...

CVSS 1.4 | AI score 6.5 | EPSS 0.00269
Exploits 0 | References 2 | Affected Software 2

Prion • added 2023/02/26 11:15 p.m. • 37 views

Design/Logic Flaw

In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c...

CVSS 4.3 | AI score 7.2 | EPSS 0.00393
Exploits 1 | References 2 | Affected Software 1

Prion • added 2023/02/26 11:15 p.m. • 37 views

Out-of-bounds

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c...

CVSS 3.2 | AI score 6.6 | EPSS 0.00608
Exploits 1 | References 2 | Affected Software 2

Prion • added 2023/02/16 7:15 p.m. • 37 views

Xxe

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

CVSS 7.5 | AI score 9.6 | EPSS 0.99815
Exploits 7 | References 1 | Affected Software 1

Prion • added 2023/02/16 4:15 p.m. • 37 views

Authentication flaw

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack...

CVSS 3.6 | AI score 4.2 | EPSS 0.00206
Exploits 0 | References 1 | Affected Software 1

Prion • added 2023/02/06 8:15 p.m. • 37 views

Command injection

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...

CVSS 5.8 | AI score 7.2 | EPSS 0.99999
Exploits 12 | References 8 | Affected Software 1

Prion • added 2023/01/12 12:15 a.m. • 37 views

Design/Logic Flaw

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file...

CVSS 4.3 | AI score 5.6 | EPSS 0.00569
Exploits 0 | References 4 | Affected Software 1

Prion • added 2023/01/11 9:15 a.m. • 37 views

Input validation

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

CVSS 6.5 | AI score 8.7 | EPSS 0.80274
Exploits 4 | References 2 | Affected Software 1

Prion • added 2022/12/26 8:15 a.m. • 37 views

Information disclosure

A vulnerability, which was classified as critical, has been found in json-pointer. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotel...

CVSS 7.5 | AI score 9.4 | EPSS 0.01005
Exploits 0 | References 4 | Affected Software 1

Prion • added 2022/12/12 6:15 a.m. • 37 views

Design/Logic Flaw

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

CVSS 4.3 | AI score 7.1 | EPSS 0.00425
Exploits 1 | References 5 | Affected Software 1

Total number of security vulnerabilities: 5000