Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2024/02/13 6:16 p.m.•36 views

Remote code execution

Microsoft Outlook Remote Code Execution Vulnerability...

7.5CVSS7.7AI score0.9466EPSS
Exploits23References2Affected Software2
Prion
Prion
•added 2024/02/13 2:15 p.m.•36 views

Design/Logic Flaw

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

5CVSS7.6AI score0.01327EPSS
Exploits0References6
Prion
Prion
•added 2024/01/25 9:15 p.m.•36 views

Code injection

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages...

6.5CVSS8.3AI score0.85025EPSS
Exploits5References2Affected Software1
Prion
Prion
•added 2024/01/23 9:15 p.m.•36 views

Design/Logic Flaw

An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

4.3CVSS7.5AI score0.00244EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/01/23 8:15 p.m.•36 views

Code injection

Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network...

2.9CVSS7.2AI score0.00168EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2024/01/23 9:15 a.m.•36 views

Design/Logic Flaw

copyparams in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INTMAX bytes, and crash, because of a missing paramkernel-datasize check. This is related to ctlioctl...

1.7CVSS7AI score0.00296EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2024/01/16 10:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.7CVSS6.4AI score0.0081EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/01/11 9:15 a.m.•36 views

Cross site scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.9CVSS5.9AI score0.19684EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2024/01/10 10:15 p.m.•36 views

Design/Logic Flaw

The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing...

4.3CVSS5.8AI score0.00523EPSS
Exploits0References2Affected Software3
Prion
Prion
•added 2023/12/12 6:15 p.m.•36 views

Privilege escalation

Windows Telephony Server Elevation of Privilege Vulnerability...

5.1CVSS7AI score0.23857EPSS
Exploits0References1Affected Software10
Prion
Prion
•added 2023/12/12 1:15 a.m.•36 views

Memory corruption

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution...

4.4CVSS7.8AI score0.00311EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/11/14 10:15 p.m.•36 views

Denial of service

ASP.NET Core Denial of Service Vulnerability...

5CVSS7AI score0.02777EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/11/14 7:15 p.m.•36 views

Input validation

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...

4CVSS7AI score0.01018EPSS
Exploits0References1Affected Software29
Prion
Prion
•added 2023/11/10 3:15 p.m.•37 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

5.5CVSS6.8AI score0.00999EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/11/02 2:15 p.m.•36 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.9AI score
Exploits0
Prion
Prion
•added 2023/11/02 8:15 a.m.•36 views

Design/Logic Flaw

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

4.9CVSS5.7AI score0.00301EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/10/19 10:15 a.m.•36 views

Design/Logic Flaw

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

5CVSS7.5AI score0.00218EPSS
Exploits0References1
Prion
Prion
•added 2023/10/13 7:15 a.m.•36 views

Sql injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...

4.3CVSS7.5AI score0.00829EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/10/11 4:15 p.m.•36 views

Buffer overflow

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...

7.5CVSS9.7AI score0.01018EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/10/11 4:15 p.m.•36 views

Command injection

A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

7.5CVSS9.5AI score0.01212EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/10/10 6:15 p.m.•36 views

Remote code execution

Microsoft SQL OLE DB Remote Code Execution Vulnerability...

4.4CVSS8AI score0.00982EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/10/05 4:15 p.m.•36 views

Buffer overflow

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5CVSS8AI score0.00832EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/10/04 11:15 a.m.•36 views

Security feature bypass

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle MITM attack...

4CVSS7.4AI score0.00448EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/09/27 3:18 p.m.•36 views

Code injection

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

6.8CVSS8.6AI score0.0146EPSS
Exploits0References13Affected Software7
Prion
Prion
•added 2023/09/20 5:15 p.m.•36 views

Design/Logic Flaw

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file...

6.5CVSS8.8AI score0.00944EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/14 8:15 p.m.•36 views

Deserialization of untrusted data

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...

5CVSS7.2AI score0.0078EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/09/12 5:15 p.m.•36 views

Remote code execution

Visual Studio Remote Code Execution Vulnerability...

4.4CVSS7.7AI score0.01441EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2023/09/12 5:15 p.m.•36 views

Privilege escalation

Visual Studio Elevation of Privilege Vulnerability...

7.5CVSS9.4AI score0.01354EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/11 7:15 p.m.•36 views

Design/Logic Flaw

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...

6.5CVSS8.9AI score0.02005EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/09/08 12:15 p.m.•36 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

4.3CVSS7.6AI score0.00862EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2023/09/07 4:15 p.m.•36 views

Memory corruption

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed ...

5CVSS7.8AI score0.01704EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2023/09/04 3:15 a.m.•36 views

Input validation

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365...

4CVSS6.4AI score0.00095EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2023/08/24 7:15 a.m.•36 views

Design/Logic Flaw

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file...

5CVSS7.3AI score0.00438EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/08/10 2:15 p.m.•36 views

Cross site scripting

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

4.4CVSS7.7AI score0.02131EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/08/10 2:15 p.m.•36 views

Null pointer dereference

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

4.4CVSS7.7AI score0.02036EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/07/18 9:15 p.m.•36 views

Code injection

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools...

4.6CVSS8.5AI score0.00202EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/13 9:15 a.m.•36 views

Design/Logic Flaw

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

5CVSS7.6AI score0.0105EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/12 5:15 a.m.•36 views

Authorization

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

6.5CVSS8.5AI score0.02233EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2023/07/11 5:15 p.m.•36 views

Design/Logic Flaw

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

6.5CVSS9AI score0.74822EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2023/06/29 4:15 p.m.•36 views

Command injection

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCUSHELL...

7.5CVSS9.7AI score0.31396EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/06/25 10:15 p.m.•36 views

Server side request forgery (ssrf)

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

5CVSS7.2AI score0.03055EPSS
Exploits3References2Affected Software2
Prion
Prion
•added 2023/06/13 9:15 a.m.•36 views

Default configuration

An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...

1.7CVSS5.3AI score0.0022EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/06/06 12:15 p.m.•36 views

Command injection

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router firmware version ARg5.8110WVN0b72. The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function...

5.8CVSS7.4AI score0.27122EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/06/02 2:15 p.m.•36 views

Sql injection

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

7.5CVSS9.8AI score0.99934EPSS
Exploits15References3Affected Software2
Prion
Prion
•added 2023/05/21 9:15 p.m.•36 views

Design/Logic Flaw

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...

1.7CVSS5.6AI score0.0048EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/05/11 8:15 p.m.•36 views

Code injection

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4CVSS4.5AI score0.00744EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/05/09 7:15 p.m.•36 views

Input validation

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...

4.6CVSS7.4AI score0.00318EPSS
Exploits0References1Affected Software48
Prion
Prion
•added 2023/04/26 9:15 p.m.•36 views

Authentication flaw

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

5CVSS7.5AI score0.02224EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/04/25 10:15 p.m.•36 views

Stack overflow

VMware Workstation 17.x and VMware Fusion 13.x contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...

4CVSS8.1AI score0.02036EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/04/20 4:15 p.m.•36 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

7.5CVSS9.8AI score0.99999EPSS
Exploits24References7Affected Software2
Total number of security vulnerabilities5000