Prion: Most viewed

213680 matches found

Prion • added 2023/01/17 5:15 a.m. • 35 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin = 6.0.1 versions...

CVSS 6.8, AI score 8.8, EPSS 0.00271
Exploits 0, References 1, Affected Software 1
Prion • added 2023/01/12 3:15 p.m. • 35 views

Heap overflow

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

CVSS 4, AI score 6.9, EPSS 0.0369
Exploits 0, References 7, Affected Software 2
Prion • added 2023/01/11 8:15 a.m. • 35 views

Design/Logic Flaw

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

CVSS 5, AI score 6, EPSS 0.00504
Exploits 0, References 1, Affected Software 2
Prion • added 2023/01/10 10:15 p.m. • 35 views

Spoofing

Microsoft Exchange Server Spoofing Vulnerability...

CVSS 5.2, AI score 7.6, EPSS 0.0155
Exploits 0, References 1, Affected Software 1
Prion • added 2023/01/09 9:15 p.m. • 35 views

Null pointer dereference

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware = 4.30.18.006. A null pointer dereference in the soapaction function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the...

CVSS 5, AI score 7.5, EPSS 0.01313
Exploits 1, References 3, Affected Software 1
Prion • added 2022/12/12 1:15 p.m. • 35 views

Code injection

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

CVSS 5, AI score 7.4, EPSS 0.01048
Exploits 0, References 1, Affected Software 2
Prion • added 2022/11/30 5:15 a.m. • 35 views

Race condition

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service host OS crash or host OS memory corruption when nested virtualisation and the TDP MMU are enabled...

CVSS 1.7, AI score 5.7, EPSS 0.00256
Exploits 1, References 1, Affected Software 1
Prion • added 2022/11/14 3:15 p.m. • 35 views

Input validation

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...

CVSS 7.5, AI score 9.5, EPSS 0.01318
Exploits 1, References 1, Affected Software 1
Prion • added 2022/11/09 10:15 p.m. • 35 views

Information disclosure

Windows GDI+ Information Disclosure Vulnerability...

CVSS 1.9, AI score 5.8, EPSS 0.00723
Exploits 0, References 1, Affected Software 5
Prion • added 2022/10/29 6:15 p.m. • 35 views

Privilege escalation

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

CVSS 4.3, AI score 7.7, EPSS 0.00658
Exploits 5, References 13, Affected Software 3
Prion • added 2022/10/18 9:15 p.m. • 35 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 5.8, AI score 6.5, EPSS 0.01161
Exploits 0, References 2, Affected Software 1
Prion • added 2022/10/14 8:15 p.m. • 35 views

Code injection

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVSS 4, AI score 6.1, EPSS 0.0077
Exploits 0, References 4, Affected Software 1
Prion • added 2022/09/26 4:15 p.m. • 35 views

Design/Logic Flaw

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVSS 6.8, AI score 8.8, EPSS 0.00579
Exploits 0, References 4, Affected Software 2
Prion • added 2022/09/26 11:15 a.m. • 35 views

Design/Logic Flaw

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...

CVSS 4.7, AI score 6.7, EPSS 0.01008
Exploits 1, References 1, Affected Software 1
Prion • added 2022/09/23 7:15 p.m. • 35 views

Design/Logic Flaw

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing...

CVSS 4.3, AI score 6.1, EPSS 0.06463
Exploits 0, References 4, Affected Software 5
Prion • added 2022/09/21 4:15 p.m. • 35 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.8, AI score 8.7, EPSS 0.0039
Exploits 0, References 2, Affected Software 1
Prion • added 2022/09/16 10:15 a.m. • 35 views

Input validation

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

CVSS 5, AI score 8.1, EPSS 0.19653
Exploits 1, References 2, Affected Software 2
Prion • added 2022/09/13 7:15 p.m. • 35 views

Remote code execution

Windows Enterprise App Management Service Remote Code Execution Vulnerability...

CVSS 6.5, AI score 8.8, EPSS 0.02599
Exploits 0, References 1, Affected Software 1
Prion • added 2022/09/09 3:15 p.m. • 35 views

Improper access control

An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfxkms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial...

CVSS 1.7, AI score 5.8, EPSS 0.00591
Exploits 0, References 4, Affected Software 2
Prion • added 2022/09/06 6:15 p.m. • 35 views

Cross site scripting

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin = 1.0.11 at WordPress...

CVSS 4.3, AI score 4.9, EPSS 0.00457
Exploits 0, References 2, Affected Software 1
Prion • added 2022/08/29 3:15 p.m. • 35 views

Design/Logic Flaw

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

CVSS 4.3, AI score 6.6, EPSS 0.0101
Exploits 2, References 4, Affected Software 2
Prion • added 2022/08/26 4:15 p.m. • 35 views

Design/Logic Flaw

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

CVSS 4, AI score 6.8, EPSS 0.00481
Exploits 1, References 6, Affected Software 2
Prion • added 2022/08/25 6:15 p.m. • 35 views

Design/Logic Flaw

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl...

CVSS 5.5, AI score 5.7, EPSS 0.01064
Exploits 0, References 2, Affected Software 1
Prion • added 2022/08/05 4:15 p.m. • 35 views

Memory corruption

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem...

CVSS 6.4, AI score 5.8, EPSS 0.02972
Exploits 0, References 3, Affected Software 1
Prion • added 2022/08/03 6:15 a.m. • 35 views

Design/Logic Flaw

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

CVSS 5, AI score 8.3, EPSS 0.19193
Exploits 2, References 6, Affected Software 1
Prion • added 2022/07/12 7:15 p.m. • 35 views

Design/Logic Flaw

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

CVSS 2.1, AI score 7.4, EPSS 0.03764
Exploits 0, References 6, Affected Software 2
Prion • added 2022/07/06 11:15 a.m. • 35 views

Cross site request forgery (csrf)

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

CVSS 3.5, AI score 5.5, EPSS 0.00725
Exploits 0, References 3, Affected Software 1
Prion • added 2022/07/05 1:15 p.m. • 35 views

Design/Logic Flaw

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged...

CVSS 1.9, AI score 5.8, EPSS 0.00309
Exploits 0, References 5, Affected Software 2
Prion • added 2022/07/05 1:15 p.m. • 35 views

Design/Logic Flaw

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 3.6, AI score 7, EPSS 0.00325
Exploits 0, References 7, Affected Software 3
Prion • added 2022/07/05 1:15 p.m. • 35 views

Design/Logic Flaw

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

CVSS 3.6, AI score 7, EPSS 0.00325
Exploits 0, References 7, Affected Software 3
Prion • added 2022/06/16 6:15 p.m. • 35 views

Input validation

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

CVSS 6.8, AI score 7.2, EPSS 0.01327
Exploits 0, References 4, Affected Software 4
Prion • added 2022/06/02 2:15 p.m. • 35 views

Code injection

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...

CVSS 5.8, AI score 7.7, EPSS 0.03453
Exploits 1, References 4, Affected Software 2
Prion • added 2022/05/26 6:15 p.m. • 35 views

Design/Logic Flaw

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a repo...

CVSS 9.3, AI score 7.5, EPSS 0.12642
Exploits 0, References 5, Affected Software 5
Prion • added 2022/05/15 3:15 a.m. • 35 views

Remote code execution

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created i.e., not created in Virtualmin or Cloudmin. This occurs because settings-editorwrite.cgi does not properly restrict the file parameter...

CVSS 6.5, AI score 9, EPSS 0.03266
Exploits 1, References 8, Affected Software 1
Prion • added 2022/05/11 5:15 p.m. • 35 views

Input validation

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service...

CVSS 4.9, AI score 5.5, EPSS 0.00212
Exploits 0, References 2, Affected Software 106
Prion • added 2022/05/11 3:15 p.m. • 35 views

Authentication flaw

During an update of SAP BusinessObjects Enterprise, Central Management Server CMS - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability...

CVSS 4.6, AI score 7.5, EPSS 0.00167
Exploits 0, References 2, Affected Software 2
Prion • added 2022/05/09 6:15 p.m. • 35 views

Design/Logic Flaw

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...

CVSS 7.2, AI score 7.8, EPSS 0.03686
Exploits 0, References 2, Affected Software 1
Prion • added 2022/05/09 5:15 p.m. • 35 views

Integer overflow

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc, 'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer...

CVSS 4.3, AI score 5.5, EPSS 0.00917
Exploits 1, References 3, Affected Software 2
Prion • added 2022/04/19 9:15 p.m. • 35 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5, AI score 6.9, EPSS 0.03825
Exploits 0, References 5, Affected Software 6
Prion • added 2022/04/05 1:15 p.m. • 35 views

Memory corruption

IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...

CVSS 4.4, AI score 7.4, EPSS 0.00344
Exploits 0, References 7, Affected Software 2
Prion • added 2022/03/30 9:15 p.m. • 35 views

Design/Logic Flaw

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds...

CVSS 5, AI score 8.3, EPSS 0.02039
Exploits 0, References 7, Affected Software 2
Prion • added 2022/03/25 7:15 p.m. • 35 views

Stack overflow

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

CVSS 9, AI score 8.8, EPSS 0.67994
Exploits 2, References 3, Affected Software 23
Prion • added 2022/03/23 8:15 p.m. • 35 views

Design/Logic Flaw

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

CVSS 7.2, AI score 7.5, EPSS 0.00541
Exploits 0, References 6, Affected Software 3
Prion • added 2022/03/22 9:15 p.m. • 35 views

Command injection

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

CVSS 7.5, AI score 9.8, EPSS 0.03986
Exploits 1, References 1, Affected Software 1
Prion • added 2022/03/16 3:15 p.m. • 35 views

Out-of-bounds

In kbasejduserbufpinpages of malikbasemem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

CVSS 7.2, AI score 7.7, EPSS 0.00726
Exploits 0, References 1
Prion • added 2022/03/10 8:15 p.m. • 35 views

Race condition

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

CVSS 4.4, AI score 6.7, EPSS 0.00351
Exploits 0, References 2, Affected Software 1
Prion • added 2022/02/24 7:15 p.m. • 35 views

Out-of-bounds

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution...

CVSS 5.1, AI score 7.8, EPSS 0.0113
Exploits 0, References 4, Affected Software 4
Prion • added 2022/02/21 6:15 p.m. • 35 views

Heap overflow

Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolvedependencies function at src/solver.c line 1940 & line 1995, which could cause a remote Denial of Service...

CVSS 4.3, AI score 6.7, EPSS 0.01767
Exploits 1, References 3, Affected Software 1
Prion • added 2022/02/18 5:15 a.m. • 35 views

Stack overflow

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

CVSS 4.3, AI score 7.7, EPSS 0.03268
Exploits 0, References 10, Affected Software 6
Prion • added 2022/01/30 3:15 p.m. • 35 views

Design/Logic Flaw

Use After Free in GitHub repository vim/vim prior to 8.2...

CVSS 6.8, AI score 7.7, EPSS 0.01395
Exploits 1, References 7, Affected Software 3

Total number of security vulnerabilities: 5000