Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2023/12/13 11:15 p.m.35 views

Command injection

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972...

4.3CVSS6.7AI score0.00237EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/12/13 8:15 a.m.35 views

Design/Logic Flaw

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

3.5CVSS6.9AI score0.01232EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/10 6:15 p.m.35 views

Design/Logic Flaw

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4CVSS6.5AI score0.02775EPSS
Exploits0References26Affected Software16
Prion
Prion
added 2023/12/08 5:15 p.m.35 views

Cross site scripting

An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

3.2CVSS6.4AI score0.00427EPSS
Exploits1References9Affected Software1
Prion
Prion
added 2023/12/07 9:15 a.m.35 views

Design/Logic Flaw

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

7.5CVSS7.3AI score0.80819EPSS
Exploits15References4Affected Software1
Prion
Prion
added 2023/12/05 5:15 p.m.36 views

Design/Logic Flaw

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

5CVSS6.9AI score0.0125EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/11/30 3:15 p.m.35 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0...

5CVSS7.1AI score0.02036EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/11/10 3:15 p.m.36 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

5.5CVSS6.8AI score0.00999EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/11/02 8:15 a.m.35 views

Design/Logic Flaw

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

4.9CVSS5.7AI score0.00301EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/13 1:15 p.m.35 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

5CVSS7.5AI score0.00575EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/10/12 5:15 p.m.35 views

Code injection

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

4.3CVSS8.7AI score0.0052EPSS
Exploits0References7Affected Software9
Prion
Prion
added 2023/10/11 4:15 p.m.35 views

Command injection

A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

7.5CVSS9.5AI score0.01212EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/10 6:15 p.m.35 views

Remote code execution

Azure Identity SDK Remote Code Execution Vulnerability...

6.5CVSS8.9AI score0.02243EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/10 6:15 p.m.35 views

Input validation

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5CVSS6.1AI score0.0216EPSS
Exploits1References6Affected Software2
Prion
Prion
added 2023/10/03 5:15 p.m.35 views

Race condition

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory...

1CVSS4.6AI score0.00292EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2023/09/12 5:15 p.m.35 views

Remote code execution

Visual Studio Remote Code Execution Vulnerability...

4.4CVSS7.7AI score0.01441EPSS
Exploits0References1Affected Software5
Prion
Prion
added 2023/09/11 9:15 p.m.35 views

Deserialization of untrusted data

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.3CVSS7.7AI score0.001EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/07 1:15 p.m.35 views

Hardcoded credentials

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

6.5CVSS9AI score0.00737EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/22 7:16 p.m.35 views

Denial of service

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function comparesymbols...

4.4CVSS7.3AI score0.00404EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/08/17 8:15 p.m.35 views

Code injection

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...

7.5CVSS7.5AI score0.93546EPSS
Exploits25References3Affected Software1
Prion
Prion
added 2023/08/15 4:15 p.m.35 views

Code injection

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

6.5CVSS9AI score0.01273EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2023/08/14 3:15 a.m.35 views

Double free

An issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled...

4.3CVSS7.1AI score0.0056EPSS
Exploits0References10Affected Software3
Prion
Prion
added 2023/08/10 2:15 a.m.35 views

Improper access control

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission...

1.7CVSS4.1AI score0.00137EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/08 6:15 p.m.35 views

Remote code execution

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

4.6CVSS8.6AI score0.0132EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/08/08 9:15 a.m.35 views

Privilege escalation

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...

5.8CVSS6.9AI score0.00614EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/07 4:15 a.m.35 views

Out-of-bounds

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061...

4CVSS6.7AI score0.00087EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/08/03 10:15 p.m.35 views

Xxe

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...

4CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/03 11:15 a.m.35 views

Race condition

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

4CVSS6.3AI score0.00519EPSS
Exploits0References1Affected Software16
Prion
Prion
added 2023/08/02 8:15 p.m.35 views

Code injection

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5CVSS6.3AI score0.01328EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/07/26 9:15 p.m.35 views

Design/Logic Flaw

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

5CVSS7.5AI score0.00431EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2023/07/25 1:15 p.m.35 views

Authentication flaw

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected...

5CVSS7.7AI score0.75794EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/07/20 3:15 p.m.35 views

Race condition

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...

5CVSS7.1AI score0.62015EPSS
Exploits0References11Affected Software4
Prion
Prion
added 2023/07/19 8:15 p.m.35 views

Design/Logic Flaw

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

5CVSS7.5AI score0.01422EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/07/13 10:15 a.m.35 views

Input validation

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...

4.9CVSS5.4AI score0.00467EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/11 8:15 p.m.35 views

Design/Logic Flaw

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

4.3CVSS6.8AI score0.0125EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/07/06 3:15 p.m.35 views

Buffer overflow

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

5.8CVSS7.4AI score0.01318EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/06/29 4:15 p.m.35 views

Command injection

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCUSHELL...

7.5CVSS9.7AI score0.31396EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/06/22 1:15 p.m.35 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin = 2.5.20 versions...

4.3CVSS4.9AI score0.00369EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/06/09 8:15 p.m.35 views

Design/Logic Flaw

A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak...

3.2CVSS6.5AI score0.00437EPSS
Exploits0References6Affected Software3
Prion
Prion
added 2023/06/09 6:15 a.m.35 views

Server side request forgery (ssrf)

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

5.5CVSS8.9AI score0.00606EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2023/06/02 5:15 p.m.35 views

Design/Logic Flaw

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

6.8CVSS7.8AI score0.00737EPSS
Exploits0References4Affected Software4
Prion
Prion
added 2023/05/26 9:15 p.m.35 views

Information disclosure

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

2.6CVSS5.3AI score0.02211EPSS
Exploits1References12Affected Software3
Prion
Prion
added 2023/05/26 9:15 p.m.35 views

Design/Logic Flaw

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

5CVSS7.3AI score0.02489EPSS
Exploits1References9Affected Software2
Prion
Prion
added 2023/05/21 9:15 p.m.35 views

Design/Logic Flaw

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...

1.7CVSS5.6AI score0.0048EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/05/17 1:15 p.m.35 views

Remote code execution

RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution RCE...

7.5CVSS9.6AI score0.08678EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2023/05/09 6:15 p.m.35 views

Remote code execution

Windows OLE Remote Code Execution Vulnerability...

5.1CVSS8.6AI score0.84386EPSS
Exploits0References1Affected Software10
Prion
Prion
added 2023/05/03 12:16 p.m.35 views

Out-of-bounds

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

4CVSS6.4AI score0.01983EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2023/04/25 10:15 p.m.35 views

Stack overflow

VMware Workstation 17.x and VMware Fusion 13.x contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine...

4CVSS8.1AI score0.02036EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/04/11 9:15 p.m.35 views

Privilege escalation

Windows Common Log File System Driver Elevation of Privilege Vulnerability...

4.3CVSS8.5AI score0.48973EPSS
Exploits10References2Affected Software10
Prion
Prion
added 2023/04/11 3:15 a.m.35 views

Design/Logic Flaw

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

6.4CVSS6.5AI score0.00379EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000