Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2023/09/12 5:15 p.m.•36 views

Privilege escalation

Visual Studio Elevation of Privilege Vulnerability...

7.5CVSS9.4AI score0.01354EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/12 5:15 p.m.•36 views

Privilege escalation

Microsoft SharePoint Server Elevation of Privilege Vulnerability...

6.5CVSS8.5AI score0.02254EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/11 7:15 p.m.•36 views

Design/Logic Flaw

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface...

6.5CVSS8.9AI score0.02005EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/09/08 12:15 p.m.•36 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

4.3CVSS7.6AI score0.00862EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2023/09/07 4:15 p.m.•36 views

Memory corruption

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed ...

5CVSS7.8AI score0.01704EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2023/09/06 1:15 p.m.•36 views

Server side request forgery (ssrf)

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF...

5.5CVSS5.3AI score0.00806EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/04 3:15 a.m.•36 views

Input validation

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365...

4CVSS6.4AI score0.00095EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2023/08/24 7:15 a.m.•36 views

Design/Logic Flaw

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file...

5CVSS7.3AI score0.00438EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/08/10 2:15 p.m.•36 views

Cross site scripting

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope...

4.4CVSS7.7AI score0.02131EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/08/10 2:15 p.m.•36 views

Null pointer dereference

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

4.4CVSS7.7AI score0.02036EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/07/18 9:15 p.m.•36 views

Code injection

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools...

4.6CVSS8.5AI score0.00202EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/13 9:15 a.m.•36 views

Design/Logic Flaw

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

5CVSS7.6AI score0.0105EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/12 5:15 a.m.•36 views

Authorization

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

6.5CVSS8.5AI score0.02233EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2023/07/11 6:15 p.m.•36 views

Security feature bypass

Microsoft Office Security Feature Bypass Vulnerability...

6.8CVSS9.1AI score0.02104EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/07/11 6:15 p.m.•36 views

Privilege escalation

Microsoft Office Elevation of Privilege Vulnerability...

4.3CVSS7.6AI score0.0234EPSS
Exploits4References2Affected Software1
Prion
Prion
•added 2023/07/11 5:15 p.m.•36 views

Design/Logic Flaw

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

6.5CVSS9AI score0.74822EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2023/06/25 10:15 p.m.•36 views

Server side request forgery (ssrf)

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

5CVSS7.2AI score0.03055EPSS
Exploits3References2Affected Software2
Prion
Prion
•added 2023/06/14 2:15 p.m.•36 views

Code injection

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

1CVSS5.6AI score0.00352EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/06/13 9:15 a.m.•36 views

Heap overflow

A heap-based buffer overflow vulnerability CWE-122 in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all...

7.5CVSS9.8AI score0.85689EPSS
Exploits10References1Affected Software3
Prion
Prion
•added 2023/06/13 9:15 a.m.•36 views

Default configuration

An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...

1.7CVSS5.3AI score0.0022EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/06/06 12:15 p.m.•36 views

Command injection

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router firmware version ARg5.8110WVN0b72. The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function...

5.8CVSS7.4AI score0.27122EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/06/02 2:15 p.m.•36 views

Sql injection

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

7.5CVSS9.8AI score0.99934EPSS
Exploits15References3Affected Software2
Prion
Prion
•added 2023/05/25 10:15 a.m.•36 views

Open redirect

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL...

5.8CVSS6.2AI score0.01132EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/05/11 8:15 p.m.•36 views

Code injection

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4CVSS4.5AI score0.00744EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/05/09 7:15 p.m.•36 views

Input validation

Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution...

4.6CVSS7.4AI score0.00318EPSS
Exploits0References1Affected Software48
Prion
Prion
•added 2023/05/09 6:15 p.m.•36 views

Security feature bypass

Secure Boot Security Feature Bypass Vulnerability...

4CVSS7.9AI score0.10561EPSS
Exploits0References1Affected Software10
Prion
Prion
•added 2023/04/26 9:15 p.m.•36 views

Authentication flaw

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

5CVSS7.5AI score0.02224EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/04/25 10:15 p.m.•36 views

Stack overflow

VMware Workstation 17.x and VMware Fusion 13.x contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...

4CVSS8.1AI score0.02036EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/04/20 4:15 p.m.•36 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

7.5CVSS9.8AI score0.99999EPSS
Exploits24References7Affected Software2
Prion
Prion
•added 2023/04/16 9:15 a.m.•36 views

Cross site scripting

Auth. subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Silkalns Activello theme = 1.4.4 versions...

4.9CVSS5.3AI score0.00471EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/04/11 9:15 p.m.•36 views

Privilege escalation

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

4.3CVSS8.5AI score0.48973EPSS
Exploits10References2Affected Software10
Prion
Prion
•added 2023/04/11 3:15 a.m.•36 views

Design/Logic Flaw

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

6.4CVSS6.5AI score0.00379EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/03/28 9:15 p.m.•36 views

Design/Logic Flaw

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

5.8CVSS6.4AI score0.01025EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2023/03/27 10:15 p.m.•36 views

Security feature bypass

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

5CVSS7.4AI score0.03514EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/03/23 8:15 p.m.•36 views

Improper access control

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

5CVSS9.4AI score0.97339EPSS
Exploits13References2Affected Software1
Prion
Prion
•added 2023/03/23 1:15 a.m.•36 views

Privilege escalation

In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios...

4.3CVSS7.7AI score0.00475EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/03/07 12:0 a.m.•36 views

Buffer overflow

A buffer underwrite 'buffer underflow' vulnerability in FortiOS, FortiManager, FortiAnalyzer, FortiWeb, FortiProxy & FortiSwitchManager administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically...

8.7AI score0.17797EPSS
Exploits1References1
Prion
Prion
•added 2023/03/06 11:15 p.m.•36 views

Design/Logic Flaw

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

5CVSS6.9AI score0.0369EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/02/11 1:23 a.m.•36 views

Design/Logic Flaw

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

6.4CVSS9.2AI score0.00684EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/02/06 1:15 p.m.•36 views

Cross site scripting

ezEIP v5.3.00649 was discovered to contain a cross-site scripting XSS vulnerability...

5.8CVSS6AI score0.00357EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/01/12 4:15 a.m.•36 views

Design/Logic Flaw

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file...

4.3CVSS6.5AI score0.00675EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2023/01/10 10:15 p.m.•36 views

Spoofing

Microsoft Exchange Server Spoofing Vulnerability...

5.2CVSS7.6AI score0.0155EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/13 5:15 p.m.•37 views

Server side request forgery (ssrf)

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

7.5CVSS9.2AI score0.0193EPSS
Exploits6References1Affected Software1
Prion
Prion
•added 2022/12/12 6:15 p.m.•36 views

Design/Logic Flaw

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

5CVSS7.3AI score0.01466EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2022/12/12 1:15 p.m.•36 views

Code injection

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

5CVSS7.4AI score0.01048EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2022/12/06 4:15 p.m.•36 views

Unrestricted file upload

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

6.5CVSS8.8AI score0.02906EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/11/16 9:15 a.m.•36 views

Deserialization of untrusted data

Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...

7.5CVSS9.2AI score0.03571EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/11/14 3:15 p.m.•36 views

Input validation

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...

7.5CVSS9.5AI score0.01318EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/11/14 2:15 p.m.•36 views

Remote code execution

UNSUPPPORTED WHEN ASSIGNED In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this migh...

7.5CVSS9.7AI score0.02251EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/11/09 10:15 p.m.•36 views

Information disclosure

Windows GDI+ Information Disclosure Vulnerability...

1.9CVSS5.8AI score0.00723EPSS
Exploits0References1Affected Software5
Total number of security vulnerabilities5000