Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2024/02/12 3:15 a.m.32 views

Design/Logic Flaw

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

1.7CVSS7.3AI score0.00249EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2024/02/11 5:15 a.m.32 views

Code injection

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...

7.3AI score0.00814EPSS
Exploits0References3
Prion
Prion
added 2024/02/06 11:15 p.m.32 views

Design/Logic Flaw

A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument picurl leads to unrestricted upload. It is...

6.5CVSS7.2AI score0.00592EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2024/02/06 8:16 p.m.32 views

Remote file inclusion

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information...

3.3CVSS6.7AI score0.00615EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/02/06 9:15 a.m.32 views

Input validation

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

5CVSS7AI score0.0072EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2024/02/05 10:16 p.m.32 views

Design/Logic Flaw

The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content...

5CVSS7.1AI score0.00482EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/02/05 9:15 p.m.32 views

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

5CVSS7.2AI score0.00255EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/24 8:15 p.m.32 views

Input validation

Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...

5.1CVSS7.2AI score0.00632EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2024/01/24 6:15 p.m.32 views

Design/Logic Flaw

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...

7.5CVSS7.5AI score0.99999EPSS
Exploits46References4Affected Software1
Prion
Prion
added 2024/01/23 1:15 a.m.32 views

Type confusion

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited...

6.8CVSS8.5AI score0.10593EPSS
Exploits6References3Affected Software6
Prion
Prion
added 2024/01/22 9:15 p.m.32 views

Code injection

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...

5CVSS7AI score0.00395EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2024/01/18 4:15 p.m.32 views

Design/Logic Flaw

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...

1.7CVSS6.9AI score0.00321EPSS
Exploits0References9Affected Software12
Prion
Prion
added 2024/01/17 4:15 p.m.32 views

Design/Logic Flaw

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

4.3CVSS7.1AI score0.00308EPSS
Exploits0References19Affected Software2
Prion
Prion
added 2024/01/12 10:15 p.m.32 views

Authorization

A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been...

4CVSS7.1AI score0.00463EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/01/12 5:15 p.m.32 views

Sql injection

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to laun...

6.5CVSS7.7AI score0.005EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2024/01/12 11:15 a.m.32 views

Path traversal

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...

7.5CVSS7.7AI score0.01523EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/11 7:15 p.m.32 views

Race condition

An issue was discovered in the Linux kernel before 6.6.8. roseioctl in net/rose/afrose.c has a use-after-free because of a roseaccept race condition...

3.5CVSS6.9AI score0.00305EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2024/01/09 6:15 p.m.32 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

4.3CVSS7AI score0.08647EPSS
Exploits1References1Affected Software9
Prion
Prion
added 2024/01/09 6:15 p.m.32 views

Remote code execution

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have acces...

4.4CVSS7.8AI score0.0326EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2024/01/05 5:15 p.m.32 views

Design/Logic Flaw

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

1.7CVSS5.5AI score0.02501EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/22 9:15 p.m.32 views

Arbitrary file deletion

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...

5CVSS7AI score0.0228EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/12/22 5:15 p.m.32 views

Cross site scripting

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...

4.3CVSS6.5AI score0.01268EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2023/12/22 5:15 p.m.32 views

Design/Logic Flaw

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

6.5CVSS8.3AI score0.84628EPSS
Exploits4References3Affected Software1
Prion
Prion
added 2023/12/12 6:15 p.m.32 views

Information disclosure

DHCP Server Service Information Disclosure Vulnerability...

5CVSS6.8AI score0.01998EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/12/12 6:15 p.m.32 views

Information disclosure

DHCP Server Service Information Disclosure Vulnerability...

5CVSS6.8AI score0.02646EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/11 7:15 p.m.32 views

Null pointer dereference

A null pointer dereference vulnerability was found in dpllpinparentpinset in drivers/dpll/dpllnetlink.c in the Digital Phase Locked Loop DPLL subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service...

1.7CVSS6.9AI score0.00309EPSS
Exploits0References8Affected Software2
Prion
Prion
added 2023/12/06 5:15 a.m.32 views

Sql injection

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution RCE on an affected instance. Publicly accessible Confluence Da...

5.1CVSS7.7AI score0.12844EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/12/05 3:15 a.m.32 views

Memory corruption

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call...

4.3CVSS7.5AI score0.00892EPSS
Exploits0References1
Prion
Prion
added 2023/11/30 2:15 p.m.32 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting XSS.This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1...

6.8CVSS6.8AI score0.00311EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.32 views

Authentication flaw

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

5.1CVSS6AI score0.06801EPSS
Exploits4References3Affected Software1
Prion
Prion
added 2023/11/20 8:15 p.m.32 views

Buffer overflow

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd...

7.5CVSS8.2AI score0.01203EPSS
Exploits3References1Affected Software4
Prion
Prion
added 2023/11/16 11:15 p.m.33 views

Design/Logic Flaw

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with evaluetoolarge. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit...

4.3CVSS6.8AI score0.00749EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2023/11/16 11:15 p.m.32 views

Command injection

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAXINT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which...

4.3CVSS7.1AI score0.00688EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2023/11/16 11:15 p.m.32 views

Design/Logic Flaw

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This...

4.3CVSS7.1AI score0.00749EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2023/11/16 3:15 p.m.32 views

Heap overflow

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...

4CVSS7.2AI score0.01643EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/11/15 12:15 a.m.32 views

Authorization

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access...

6.5CVSS7.5AI score0.0066EPSS
Exploits0References1Affected Software4
Prion
Prion
added 2023/11/14 7:15 p.m.32 views

Denial of service

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...

2.6CVSS6.7AI score0.00257EPSS
Exploits0References3Affected Software89
Prion
Prion
added 2023/11/14 6:15 p.m.32 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

3.5CVSS7AI score0.00363EPSS
Exploits0References1Affected Software8
Prion
Prion
added 2023/11/13 10:15 a.m.32 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.This issue affects Webmaster Tools: from n/a through 2.0...

5.8CVSS7.1AI score0.00204EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/13 3:15 a.m.32 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56...

3.3CVSS7.1AI score0.00421EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/09 8:15 p.m.32 views

Remote code execution

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers...

6.5CVSS7.9AI score0.0193EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2023/11/06 6:15 a.m.32 views

Code injection

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

7.5CVSS8.3AI score0.14422EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2023/11/03 2:15 p.m.32 views

Code injection

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

3.5CVSS6.8AI score0.00231EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2023/11/03 4:15 a.m.32 views

Code injection

Kyocera TASKalfa 4053ci printers through 2VGS000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error...

5CVSS5.3AI score0.06749EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2023/10/27 9:15 p.m.32 views

Information disclosure

In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7CVSS3.8AI score0.00184EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/27 5:15 a.m.32 views

Security feature bypass

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...

4.3CVSS7.2AI score0.00667EPSS
Exploits0References7Affected Software4
Prion
Prion
added 2023/10/25 9:15 p.m.32 views

Design/Logic Flaw

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

5CVSS5.1AI score0.00766EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.32 views

Design/Logic Flaw

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

2.1CVSS5.7AI score0.00536EPSS
Exploits2References7Affected Software2
Prion
Prion
added 2023/10/20 8:15 a.m.32 views

Sql injection

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's horizontal-scrolling shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5CVSS8.6AI score0.00725EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/10/19 3:15 p.m.32 views

Remote code execution

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server...

7.5CVSS9.7AI score0.02376EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000