Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2023/03/23 8:15 p.m.34 views

Improper access control

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

5CVSS9.4AI score0.97339EPSS
Exploits13References2Affected Software1
Prion
Prion
added 2023/03/20 8:15 p.m.34 views

Command injection

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

1.7CVSS5.4AI score0.54978EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/10 9:15 p.m.34 views

Denial of service

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...

5CVSS7.6AI score0.46836EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/03/07 10:15 p.m.34 views

Design/Logic Flaw

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS4.8AI score0.01163EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/03 7:15 p.m.34 views

Design/Logic Flaw

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because...

3.5CVSS7.1AI score0.00457EPSS
Exploits1References9Affected Software4
Prion
Prion
added 2023/02/27 8:15 p.m.34 views

Sql injection

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges...

4.4CVSS7.3AI score0.0031EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/02/27 3:15 p.m.34 views

Design/Logic Flaw

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...

5CVSS6.8AI score0.0074EPSS
Exploits0References1Affected Software7
Prion
Prion
added 2023/02/21 7:15 p.m.34 views

Design/Logic Flaw

Under very specific circumstances see Required configuration section below, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and...

5.8CVSS7AI score0.01049EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/14 9:15 p.m.34 views

Remote code execution

Azure DevOps Server Remote Code Execution Vulnerability...

4.6CVSS7.9AI score0.01408EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/02/01 10:15 p.m.34 views

Cross site request forgery (csrf)

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages...

6.8CVSS6.2AI score0.0023EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/02/01 7:15 p.m.34 views

Authentication flaw

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled...

7.5CVSS9.4AI score0.15978EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/23 3:15 a.m.34 views

Heap overflow

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image...

1.9CVSS5.7AI score0.00461EPSS
Exploits1References6Affected Software2
Prion
Prion
added 2023/01/18 6:15 p.m.34 views

Remote code execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

7.5CVSS9.7AI score0.99753EPSS
Exploits15References10Affected Software23
Prion
Prion
added 2023/01/12 7:15 p.m.34 views

Buffer overflow

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges...

4.3CVSS7.2AI score0.00503EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/01/12 4:15 a.m.34 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...

4CVSS4.5AI score0.00711EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/01/10 10:15 p.m.34 views

Information disclosure

Microsoft Exchange Server Information Disclosure Vulnerability...

5CVSS7.3AI score0.01595EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/10 8:15 p.m.34 views

Design/Logic Flaw

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS6.4AI score0.00587EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/01/03 9:15 p.m.34 views

Out-of-bounds

In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374...

4CVSS6.7AI score0.00128EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/12/27 10:15 p.m.34 views

Design/Logic Flaw

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

5CVSS7.4AI score0.017EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2022/12/26 5:15 a.m.34 views

Design/Logic Flaw

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5CVSS5.7AI score0.00613EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/12/25 7:15 p.m.34 views

Integer overflow

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...

5CVSS8.4AI score0.0282EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/12/22 8:15 p.m.34 views

Design/Logic Flaw

An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

1.9CVSS5.9AI score0.00293EPSS
Exploits0References4Affected Software3
Prion
Prion
added 2022/12/16 4:15 p.m.34 views

Design/Logic Flaw

In l2capchanput of l2capcore, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

4.3CVSS7.5AI score0.00165EPSS
Exploits0References1
Prion
Prion
added 2022/12/07 4:15 a.m.34 views

Design/Logic Flaw

Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file...

4.4CVSS7.6AI score0.00249EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/30 10:15 p.m.34 views

Authentication flaw

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

1.7CVSS4.5AI score0.00473EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2022/11/30 12:15 a.m.34 views

Design/Logic Flaw

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. Chromium security severity: High...

6.8CVSS8.8AI score0.00473EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/11/26 10:15 p.m.34 views

Design/Logic Flaw

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

5CVSS7.9AI score0.14663EPSS
Exploits2References5Affected Software3
Prion
Prion
added 2022/11/12 5:15 a.m.34 views

Heap overflow

Netatalk through 3.1.13 has an afpgetappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD used for TrueNAS...

4.4CVSS7.8AI score0.00586EPSS
Exploits1References10Affected Software3
Prion
Prion
added 2022/11/10 6:15 a.m.34 views

Code injection

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...

5CVSS7.4AI score0.01337EPSS
Exploits3References7Affected Software1
Prion
Prion
added 2022/11/07 1:15 p.m.34 views

Out-of-bounds

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...

7.5CVSS9.3AI score0.02836EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2022/11/01 11:15 p.m.34 views

Type confusion

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6.8CVSS8.6AI score0.0675EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/11/01 8:15 p.m.34 views

Design/Logic Flaw

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges...

4.4CVSS7.7AI score0.00582EPSS
Exploits0References3Affected Software4
Prion
Prion
added 2022/11/01 8:15 p.m.34 views

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution...

6.8CVSS8.8AI score0.00844EPSS
Exploits0References4Affected Software5
Prion
Prion
added 2022/10/25 5:15 p.m.34 views

Path traversal

Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory...

5.5CVSS7.7AI score0.01009EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/10/17 7:15 p.m.34 views

Design/Logic Flaw

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2capreassemblesdu of the file net/bluetooth/l2capcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...

4CVSS7.3AI score0.0129EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2022/09/26 4:15 p.m.34 views

Design/Logic Flaw

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

4.3CVSS6.5AI score0.0057EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2022/09/14 6:15 p.m.34 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...

4.7CVSS6.3AI score0.00698EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/09/13 3:15 p.m.34 views

Sql injection

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

7.5CVSS9.7AI score0.00861EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/09/02 5:15 a.m.34 views

Out-of-bounds

An issue was discovered in net/netfilter/nftablesapi.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain...

1.7CVSS5.7AI score0.00308EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2022/09/01 12:15 p.m.34 views

Input validation

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system file os/net/ipv6/sicslowpan.c contains an input function that processes incoming packets and copies them into a packet buffer. Because of a...

6.5CVSS8.6AI score0.00634EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/08/31 4:15 p.m.34 views

Input validation

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

6.5CVSS8.4AI score0.04271EPSS
Exploits0References9Affected Software3
Prion
Prion
added 2022/08/26 6:15 p.m.34 views

Input validation

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use...

4CVSS7AI score0.00813EPSS
Exploits0References3Affected Software5
Prion
Prion
added 2022/08/24 4:15 p.m.34 views

Buffer overflow

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

4.3CVSS9AI score0.0072EPSS
Exploits1References8Affected Software2
Prion
Prion
added 2022/08/24 4:15 p.m.34 views

Design/Logic Flaw

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this...

4.3CVSS7.8AI score0.00296EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2022/08/19 11:15 p.m.34 views

Heap overflow

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000printpage function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service...

3.3CVSS6.9AI score0.00437EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2022/08/15 8:15 p.m.34 views

Xxe

Out-of-Band XML External Entity OOB-XXE vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

5CVSS7.5AI score0.04305EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/07/20 4:15 p.m.34 views

Design/Logic Flaw

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...

4CVSS7.2AI score0.00866EPSS
Exploits0References1
Prion
Prion
added 2022/07/19 6:15 p.m.34 views

Integer overflow

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

5CVSS7.9AI score0.17673EPSS
Exploits2References23Affected Software8
Prion
Prion
added 2022/07/18 3:15 p.m.34 views

Out-of-bounds

When sending malicous data to kernel by ioctl cmd FBIOPUTVSCREENINFO,kernel will write memory out of bounds...

4CVSS6.8AI score0.00305EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/07/12 7:15 p.m.34 views

Design/Logic Flaw

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

1.9CVSS7.1AI score0.04947EPSS
Exploits0References14Affected Software3
Total number of security vulnerabilities5000