213680 matches found

Prion • added 2023/04/20 4:15 p.m. • 36 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

CVSS 7.5 • AI score 9.8 • EPSS 0.99999
Exploits 24 • References 7 • Affected Software 2

Prion • added 2023/04/16 9:15 a.m. • 36 views

Cross site scripting

Auth. subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Silkalns Activello theme = 1.4.4 versions...

CVSS 4.9 • AI score 5.3 • EPSS 0.00471
Exploits 1 • References 1 • Affected Software 1

Prion • added 2023/04/11 9:15 p.m. • 36 views

Remote code execution

Microsoft SQL Server Remote Code Execution Vulnerability...

CVSS 7.5 • AI score 8 • EPSS 0.00871
Exploits 0 • References 1 • Affected Software 1

Prion • added 2023/03/28 9:15 p.m. • 36 views

Design/Logic Flaw

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

CVSS 5.8 • AI score 6.4 • EPSS 0.01025
Exploits 0 • References 5 • Affected Software 2

Prion • added 2023/03/27 10:15 p.m. • 36 views

Security feature bypass

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 5 • AI score 7.4 • EPSS 0.03514
Exploits 1 • References 2 • Affected Software 1

Prion • added 2023/03/23 1:15 a.m. • 36 views

Privilege escalation

In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios...

CVSS 4.3 • AI score 7.7 • EPSS 0.00475
Exploits 0 • References 2 • Affected Software 1

Prion • added 2023/03/14 5:15 p.m. • 36 views

Privilege escalation

Microsoft Outlook Elevation of Privilege Vulnerability...

CVSS 7.5 • AI score 9.4 • EPSS 0.97408
Exploits 18 • References 1 • Affected Software 2

Prion • added 2023/03/07 12:0 a.m. • 36 views

Buffer overflow

A buffer underwrite 'buffer underflow' vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy & FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically...

AI score 8.7 • EPSS 0.17797
Exploits 1 • References 1

Prion • added 2023/03/06 11:15 p.m. • 36 views

Design/Logic Flaw

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

CVSS 5 • AI score 6.9 • EPSS 0.0369
Exploits 0 • References 2 • Affected Software 1

Prion • added 2023/02/11 1:23 a.m. • 36 views

Design/Logic Flaw

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

CVSS 6.4 • AI score 9.2 • EPSS 0.00684
Exploits 0 • References 1 • Affected Software 1

Prion • added 2023/01/12 4:15 a.m. • 36 views

Design/Logic Flaw

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file...

CVSS 4.3 • AI score 6.5 • EPSS 0.00675
Exploits 0 • References 5 • Affected Software 1

Prion • added 2023/01/11 9:15 a.m. • 36 views

Input validation

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

CVSS 6.5 • AI score 8.7 • EPSS 0.80274
Exploits 4 • References 2 • Affected Software 1

Prion • added 2022/12/26 5:15 a.m. • 36 views

Design/Logic Flaw

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, attackers can make a crafted request to api/?api=addserver&DHCP= to add an authorizedkeys text file in the /resources/ folder...

CVSS 7.5 • AI score 9.2 • EPSS 0.70947
Exploits 2 • References 2 • Affected Software 1

Prion • added 2022/12/13 5:15 p.m. • 37 views

Server side request forgery (ssrf)

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

CVSS 7.5 • AI score 9.2 • EPSS 0.0193
Exploits 5 • References 1 • Affected Software 1

Prion • added 2022/12/12 6:15 p.m. • 36 views

Design/Logic Flaw

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

CVSS 5 • AI score 7.3 • EPSS 0.01466
Exploits 1 • References 4 • Affected Software 2

Prion • added 2022/12/06 4:15 p.m. • 36 views

Unrestricted file upload

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

CVSS 6.5 • AI score 8.8 • EPSS 0.02906
Exploits 1 • References 1 • Affected Software 1

Prion • added 2022/11/25 4:15 a.m. • 36 views

Double free

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops...

CVSS 3.5 • AI score 6.2 • EPSS 0.00309
Exploits 0 • References 3 • Affected Software 1

Prion • added 2022/11/16 9:15 a.m. • 36 views

Deserialization of untrusted data

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

CVSS 7.5 • AI score 9.2 • EPSS 0.03571
Exploits 1 • References 2 • Affected Software 1

Prion • added 2022/11/10 10:15 p.m. • 36 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to...

AI score 7.5 • EPSS 0.00294
Exploits 0

Prion • added 2022/11/01 8:15 p.m. • 36 views

Design/Logic Flaw

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...

CVSS 4.4 • AI score 7.5 • EPSS 0.01136
Exploits 0 • References 2 • Affected Software 5

Prion • added 2022/09/23 6:15 p.m. • 36 views

Deserialization of untrusted data

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...

CVSS 7.5 • AI score 9.5 • EPSS 0.08191
Exploits 1 • References 6 • Affected Software 3

Prion • added 2022/08/31 6:15 a.m. • 36 views

Heap overflow

An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...

CVSS 5 • AI score 5.2 • EPSS 0.01567
Exploits 3 • References 7 • Affected Software 1

Prion • added 2022/08/29 11:15 p.m. • 36 views

Command injection

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

CVSS 7.5 • AI score 9.8 • EPSS 0.01692
Exploits 0 • References 2 • Affected Software 1

Prion • added 2022/08/29 6:15 a.m. • 36 views

Buffer overflow

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

CVSS 7.5 • AI score 9.7 • EPSS 0.33795
Exploits 2 • References 2 • Affected Software 68

Prion • added 2022/08/25 11:15 p.m. • 36 views

Design/Logic Flaw

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

CVSS 7.5 • AI score 9.6 • EPSS 0.97136
Exploits 19 • References 3 • Affected Software 1

Prion • added 2022/08/23 4:15 p.m. • 36 views

Design/Logic Flaw

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

CVSS 1.7 • AI score 6 • EPSS 0.00345
Exploits 0 • References 4 • Affected Software 1

Prion • added 2022/08/01 3:15 p.m. • 36 views

Design/Logic Flaw

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...

CVSS 4 • AI score 6.3 • EPSS 0.0085
Exploits 0 • References 5 • Affected Software 2

Prion • added 2022/07/30 12:15 a.m. • 36 views

Design/Logic Flaw

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system...

CVSS 4.3 • AI score 7.6 • EPSS 0.00271
Exploits 0 • References 2 • Affected Software 1

Prion • added 2022/07/28 4:15 p.m. • 36 views

Authentication flaw

Saia Burgess Controls SBC PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls SBC PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The...

CVSS 3.3 • AI score 5.8 • EPSS 0.00229
Exploits 0 • References 2

Prion • added 2022/07/20 6:15 p.m. • 36 views

Hardcoded credentials

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...

CVSS 7.5 • AI score 9.5 • EPSS 0.9817
Exploits 1 • References 2 • Affected Software 1

Prion • added 2022/07/05 1:15 p.m. • 36 views

Path traversal

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP eXpress Data Path, a code label was moved in a way allowing for SKBs having references pointers retained for further processing to nevertheless be freed...

CVSS 4.6 • AI score 7.4 • EPSS 0.00349
Exploits 0 • References 4 • Affected Software 2

Prion • added 2022/07/01 8:15 a.m. • 36 views

Memory corruption

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...

CVSS 10 • AI score 9.6 • EPSS 0.44881
Exploits 3 • References 4 • Affected Software 1

Prion • added 2022/06/27 10:15 p.m. • 36 views

Design/Logic Flaw

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite h...

CVSS 2.1 • AI score 5.5 • EPSS 0.00481
Exploits 0 • References 1 • Affected Software 1

Prion • added 2022/06/15 8:15 p.m. • 36 views

Information disclosure

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 2.1 • AI score 5 • EPSS 0.05465
Exploits 0 • References 4 • Affected Software 4

Prion • added 2022/06/09 9:15 p.m. • 36 views

Design/Logic Flaw

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

CVSS 4.6 • AI score 6.7 • EPSS 0.00617
Exploits 0 • References 3 • Affected Software 2

Prion • added 2022/06/09 3:15 p.m. • 36 views

Double free

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system...

CVSS 7.2 • AI score 7.4 • EPSS 0.00323
Exploits 0 • References 3 • Affected Software 3

Prion • added 2022/05/26 5:15 p.m. • 36 views

Design/Logic Flaw

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7.2 • AI score 7.3 • EPSS 0.00347
Exploits 0 • References 3 • Affected Software 1

Prion • added 2022/05/12 8:15 a.m. • 36 views

Code injection

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

CVSS 5 • AI score 7.4 • EPSS 0.71653
Exploits 5 • References 6 • Affected Software 3

Prion • added 2022/05/06 12:15 p.m. • 36 views

Information disclosure

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

CVSS 1.9 • AI score 6.9 • EPSS 0.01777
Exploits 2 • References 5 • Affected Software 2

Prion • added 2022/05/05 5:15 p.m. • 36 views

Cross site scripting

On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM...

CVSS 6.8 • AI score 7.7 • EPSS 0.00711
Exploits 0 • References 1 • Affected Software 3

Prion • added 2022/05/01 4:15 p.m. • 36 views

Code injection

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

CVSS 5 • AI score 7.2 • EPSS 0.04658
Exploits 1 • References 8 • Affected Software 2

Prion • added 2022/04/15 7:15 p.m. • 36 views

Privilege escalation

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

CVSS 4.6 • AI score 7.8 • EPSS 0.07304
Exploits 2 • References 1 • Affected Software 5

Prion • added 2022/04/03 9:15 p.m. • 36 views

Double free

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free...

CVSS 2.1 • AI score 5.8 • EPSS 0.00317
Exploits 0 • References 7 • Affected Software 3

Prion • added 2022/03/25 7:15 p.m. • 36 views

Design/Logic Flaw

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() and connect() in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information...

CVSS 4.9 • AI score 6.7 • EPSS 0.01762
Exploits 1 • References 6 • Affected Software 5

Prion • added 2022/03/23 6:15 a.m. • 36 views

Heap overflow

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVSS 4.6 • AI score 7.7 • EPSS 0.05524
Exploits 2 • References 5 • Affected Software 5

Prion • added 2022/03/13 12:15 a.m. • 36 views

Design/Logic Flaw

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...

CVSS 1.9 • AI score 6.2 • EPSS 0.00499
Exploits 0 • References 5 • Affected Software 1

Prion • added 2022/03/04 6:15 p.m. • 36 views

Integer overflow

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability...

CVSS 7.1 • AI score 5.3 • EPSS 0.00891
Exploits 0 • References 4 • Affected Software 2

Prion • added 2022/03/03 7:15 p.m. • 36 views

Race condition

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root...

CVSS 6.9 • AI score 6.9 • EPSS 0.00431
Exploits 1 • References 5 • Affected Software 21

Prion • added 2022/03/03 7:15 p.m. • 36 views

Design/Logic Flaw

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly...

CVSS 6.9 • AI score 7.9 • EPSS 0.05528
Exploits 12 • References 10 • Affected Software 19

Prion • added 2022/02/18 6:15 p.m. • 36 views

Stack overflow

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

CVSS 2.1 • AI score 5.2 • EPSS 0.00312
Exploits 1 • References 3 • Affected Software 1

Total number of security vulnerabilities: 5000