Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2022/04/27 8:15 p.m.32 views

Null pointer dereference

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and...

2.1CVSS6AI score0.01498EPSS
Exploits1References10Affected Software3
Prion
Prion
added 2022/04/25 4:16 p.m.32 views

Design/Logic Flaw

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...

4.3CVSS7.4AI score0.01779EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2022/04/25 11:15 a.m.32 views

Default configuration

In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...

6.8CVSS9AI score0.08057EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2022/04/15 7:15 p.m.32 views

Remote code execution

Remote Procedure Call Runtime Remote Code Execution Vulnerability...

10CVSS9.6AI score0.91316EPSS
Exploits14References1Affected Software5
Prion
Prion
added 2022/04/11 8:15 p.m.32 views

Race condition

In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290...

6.9CVSS6.7AI score0.00098EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/04/08 8:15 p.m.32 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...

4.3CVSS5.1AI score0.00985EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/04/05 4:15 p.m.32 views

Unrestricted file upload

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and .hello files using the Media Files upload functionality. The original file upload vulnerability CVE-2020-27387 was remediated by restricting the PHP extensions; however, we confirmed that the filter was...

7.5CVSS9AI score0.18461EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2022/04/01 11:15 p.m.32 views

Remote code execution

A remote code execution vulnerability due to incomplete check for 'xheaderdecodepathrecord' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function...

7.5CVSS9.8AI score0.01065EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/04/01 11:15 p.m.32 views

Design/Logic Flaw

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...

7.2CVSS7.3AI score0.00453EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2022/03/23 2:15 p.m.32 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed t...

8.1AI score0.05524EPSS
Exploits2
Prion
Prion
added 2022/03/18 6:15 p.m.32 views

Information disclosure

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application...

9.3CVSS7.5AI score0.01688EPSS
Exploits0References5Affected Software5
Prion
Prion
added 2022/03/18 6:15 p.m.32 views

Cross site scripting

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information...

4.3CVSS6.3AI score0.00815EPSS
Exploits0References5Affected Software6
Prion
Prion
added 2022/03/14 9:15 p.m.32 views

Heap overflow

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563...

4.6CVSS7.7AI score0.00698EPSS
Exploits1References10Affected Software4
Prion
Prion
added 2022/03/10 5:47 p.m.32 views

Design/Logic Flaw

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allowsubdomains is set to false. Fixed in Vault Enterprise 1.8.9...

3.5CVSS6.6AI score0.00549EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/03/10 5:47 p.m.32 views

Spoofing

DISPUTED In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under...

7.5CVSS9.3AI score0.02928EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2022/03/09 5:15 p.m.32 views

Remote code execution

VP9 Video Extensions Remote Code Execution Vulnerability...

6.8CVSS8AI score0.02487EPSS
Exploits0References1
Prion
Prion
added 2022/03/09 5:15 p.m.32 views

Spoofing

Microsoft Exchange Server Spoofing Vulnerability...

4CVSS6.8AI score0.31799EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/22 11:15 p.m.32 views

Design/Logic Flaw

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use...

4.3CVSS7.6AI score0.01046EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/11 11:15 p.m.32 views

Design/Logic Flaw

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.07836EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/11 10:15 p.m.32 views

Design/Logic Flaw

In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification...

4.3CVSS5.4AI score0.00629EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.32 views

Authentication flaw

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perfo...

7.5CVSS9.3AI score0.0067EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/09 5:15 p.m.32 views

Information disclosure

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability...

7.8CVSS7.3AI score0.43618EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2022/02/09 5:15 p.m.32 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

6.9CVSS7.7AI score0.03193EPSS
Exploits0References1Affected Software5
Prion
Prion
added 2022/02/07 8:15 p.m.32 views

Null pointer dereference

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash...

4.9CVSS5.4AI score0.00212EPSS
Exploits0References1
Prion
Prion
added 2022/01/29 10:15 p.m.32 views

Design/Logic Flaw

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

6.9CVSS7.5AI score0.0101EPSS
Exploits2References6Affected Software2
Prion
Prion
added 2022/01/27 6:15 p.m.32 views

Remote code execution

Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.phpactionlog...

6.5CVSS9.5AI score0.02297EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/01/19 12:15 p.m.32 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS3.2AI score0.01658EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/01/19 12:15 p.m.32 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS3.3AI score0.00878EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/01/19 12:15 p.m.32 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5CVSS4.7AI score0.03782EPSS
Exploits0References7Affected Software7
Prion
Prion
added 2022/01/19 12:15 p.m.32 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

4CVSS5.6AI score0.02686EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/01/11 4:15 p.m.32 views

Design/Logic Flaw

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for...

1.2CVSS3.8AI score0.00376EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/01/10 2:10 p.m.32 views

Design/Logic Flaw

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

4CVSS5.2AI score0.01268EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2021/12/30 10:15 p.m.32 views

Design/Logic Flaw

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file...

4.3CVSS6.1AI score0.01426EPSS
Exploits1References7Affected Software4
Prion
Prion
added 2021/12/26 1:15 a.m.32 views

Integer overflow

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface TCP port 20005 cannot be ruled out; however, exploitability was judged to be of "rather significant...

7.5CVSS9.6AI score0.02513EPSS
Exploits1References2Affected Software3
Prion
Prion
added 2021/12/25 1:15 a.m.32 views

Design/Logic Flaw

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889...

4.3CVSS7.2AI score0.01932EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/12/23 1:15 a.m.32 views

Design/Logic Flaw

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS9AI score0.00813EPSS
Exploits0References4Affected Software3
Prion
Prion
added 2021/12/15 3:15 p.m.32 views

Remote code execution

Windows Encrypting File System EFS Remote Code Execution Vulnerability...

7.5CVSS9.6AI score0.06419EPSS
Exploits0References1Affected Software6
Prion
Prion
added 2021/12/15 3:15 p.m.32 views

Privilege escalation

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability...

4.6CVSS7.7AI score0.00716EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2021/12/15 3:15 p.m.32 views

Privilege escalation

Windows Encrypting File System EFS Elevation of Privilege Vulnerability...

6CVSS7.5AI score0.06615EPSS
Exploits3References2Affected Software6
Prion
Prion
added 2021/12/14 8:15 p.m.32 views

Design/Logic Flaw

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interfac...

4CVSS7.3AI score0.01964EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2021/12/09 10:15 a.m.32 views

Authorization

An improper authorization vulnerabiltiy CWE-285 in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater...

5CVSS5.4AI score0.00572EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/08 5:15 a.m.32 views

Buffer overflow

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c...

4.6CVSS7.2AI score0.00505EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/12/07 5:15 p.m.32 views

Sql injection

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...

7.5CVSS9.7AI score0.04133EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2021/12/01 11:15 a.m.32 views

Heap overflow

vim is vulnerable to Heap-based Buffer Overflow...

6.8CVSS7.1AI score0.01461EPSS
Exploits1References7Affected Software3
Prion
Prion
added 2021/11/23 4:15 p.m.32 views

Design/Logic Flaw

A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High...

4.6CVSS7.6AI score0.00328EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/11/17 8:15 p.m.32 views

Design/Logic Flaw

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

4CVSS5.1AI score0.02085EPSS
Exploits0References11Affected Software3
Prion
Prion
added 2021/11/12 6:15 p.m.32 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

7.5CVSS9.3AI score0.01439EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/11/04 7:15 p.m.32 views

Out-of-bounds

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...

2.1CVSS6.2AI score0.00669EPSS
Exploits1References10Affected Software6
Prion
Prion
added 2021/10/28 7:15 p.m.32 views

Hardcoded credentials

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS...

4CVSS5.9AI score0.02075EPSS
Exploits0References7Affected Software6
Prion
Prion
added 2021/10/21 8:15 p.m.32 views

Design/Logic Flaw

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

6.5CVSS7.2AI score0.55729EPSS
Exploits6References7Affected Software1
Total number of security vulnerabilities5000