Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/03/15 5:15 p.m.•32 views

Cross site scripting

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

4.3CVSS6.8AI score0.05072EPSS
Exploits9References3Affected Software1
Prion
Prion
•added 2021/03/12 7:15 p.m.•32 views

Design/Logic Flaw

Adobe Creative Cloud Desktop Application version 5.3 and earlier is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction...

4.4CVSS7.2AI score0.01081EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/03/11 3:15 a.m.•32 views

Design/Logic Flaw

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

2.1CVSS5.9AI score0.00414EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/03/09 6:15 p.m.•32 views

Heap overflow

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.6AI score0.0191EPSS
Exploits1References8Affected Software3
Prion
Prion
•added 2021/02/26 5:15 p.m.•32 views

Path traversal

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...

3.5CVSS6.2AI score0.01177EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2021/02/25 11:15 p.m.•32 views

Privilege escalation

Windows Win32k Elevation of Privilege Vulnerability...

4.6CVSS7.8AI score0.78376EPSS
Exploits21References3Affected Software2
Prion
Prion
•added 2021/02/22 10:15 p.m.•32 views

Heap overflow

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.01273EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2021/02/17 2:15 p.m.•32 views

Integer overflow

Integer overflow in the firmware for some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access...

4.6CVSS7.5AI score0.00359EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/02/10 7:15 p.m.•32 views

Hardcoded credentials

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP...

7.5CVSS9.5AI score0.23633EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2021/02/03 4:15 p.m.•32 views

Code injection

In JetBrains YouTrack before 2020.5.3123, server-side template injection SSTI was possible, which could lead to code execution...

7.5CVSS9.6AI score0.0347EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2021/02/03 12:15 a.m.•32 views

Command injection

In mobilelogd, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID:...

4.6CVSS7AI score0.0033EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/01/27 8:15 a.m.•32 views

Heap overflow

jp2decode in jp2/jp2dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components...

4.3CVSS6AI score0.01107EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2021/01/22 7:15 p.m.•32 views

Null pointer dereference

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd...

4CVSS5.1AI score0.01013EPSS
Exploits1References1Affected Software12
Prion
Prion
•added 2021/01/20 3:15 p.m.•32 views

Design/Logic Flaw

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Us...

4CVSS3.7AI score0.00912EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2021/01/20 3:15 p.m.•32 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS4.8AI score0.02157EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/01/18 12:15 p.m.•32 views

Design/Logic Flaw

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

5.8CVSS6.3AI score0.01837EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2021/01/14 12:15 a.m.•32 views

Heap overflow

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity all versions, OPC-Aggregator all versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are...

6.4CVSS9.1AI score0.04941EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2021/01/13 10:15 p.m.•32 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of...

9CVSS7.2AI score0.02371EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2021/01/13 10:15 p.m.•32 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to improper input...

3.5CVSS5.2AI score0.00614EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/01/13 10:15 p.m.•32 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

9CVSS7.2AI score0.02194EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2021/01/13 6:15 p.m.•32 views

Information disclosure

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the...

3.3CVSS4.3AI score0.73006EPSS
Exploits15References1Affected Software1
Prion
Prion
•added 2021/01/12 3:15 p.m.•32 views

Cross site scripting

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

3.5CVSS5.3AI score0.00529EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/01/12 9:15 a.m.•32 views

Buffer overflow

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations...

5.8CVSS7.5AI score0.01498EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2021/01/05 6:15 p.m.•32 views

Null pointer dereference

There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability...

4.3CVSS6.4AI score0.01443EPSS
Exploits0References7Affected Software11
Prion
Prion
•added 2020/12/26 2:15 a.m.•32 views

Code injection

GNOME gdk-pixbuf aka GdkPixbuf before 2.42.2 allows a denial of service infinite loop in lzw.c in the function writeindexes. if c-selfcode equals 10, self-codetable10.extends will assign the value 11 to c. The next execution in the loop will assign self-codetable11.extends to c, which will give t...

4.3CVSS5.4AI score0.01477EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2020/12/14 10:15 p.m.•32 views

Design/Logic Flaw

In doepollctl and eploopcheckproc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro...

7.2CVSS7.6AI score0.00268EPSS
Exploits0References1
Prion
Prion
•added 2020/12/12 7:15 p.m.•32 views

Authentication flaw

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authentica...

3.3CVSS5.9AI score0.00474EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2020/12/12 12:15 a.m.•32 views

Format string

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5CVSS6.9AI score0.04352EPSS
Exploits1References4Affected Software3
Prion
Prion
•added 2020/12/04 7:15 a.m.•32 views

Code injection

The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

2.1CVSS6AI score0.01512EPSS
Exploits1References5Affected Software3
Prion
Prion
•added 2020/12/01 3:15 a.m.•32 views

Code injection

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting...

3.6CVSS5.1AI score0.03236EPSS
Exploits4References6Affected Software3
Prion
Prion
•added 2020/11/26 2:15 a.m.•32 views

Denial of service

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...

4.9CVSS5.5AI score0.00431EPSS
Exploits1References5Affected Software3
Prion
Prion
•added 2020/11/24 11:15 p.m.•32 views

Code injection

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...

4.9CVSS8.4AI score0.01296EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2020/11/19 7:15 p.m.•32 views

Code injection

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

6.8CVSS7.6AI score0.84554EPSS
Exploits4References12Affected Software4
Prion
Prion
•added 2020/11/18 5:15 p.m.•32 views

Code injection

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

5.1CVSS7.9AI score0.02244EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2020/11/05 9:15 p.m.•32 views

Design/Logic Flaw

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the...

3.3CVSS7AI score0.05714EPSS
Exploits4References3Affected Software1
Prion
Prion
•added 2020/11/02 9:15 p.m.•32 views

Design/Logic Flaw

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement...

5CVSS7.2AI score0.02041EPSS
Exploits1References6Affected Software3
Prion
Prion
•added 2020/10/21 3:15 p.m.•32 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.8CVSS4.9AI score0.0183EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/10/21 3:15 p.m.•32 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS6.1AI score0.02426EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2020/10/19 1:15 p.m.•32 views

Design/Logic Flaw

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

5CVSS5.1AI score0.0047EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/10/16 2:15 p.m.•32 views

Privilege escalation

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...

6.5CVSS7.3AI score0.87528EPSS
Exploits4References2Affected Software1
Prion
Prion
•added 2020/10/01 7:15 p.m.•32 views

Information disclosure

A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.3CVSS5.2AI score0.00535EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/09/16 12:15 a.m.•32 views

Design/Logic Flaw

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

2.1CVSS5.9AI score0.00397EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/09/15 8:15 p.m.•32 views

Out-of-bounds

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system...

2.1CVSS5.6AI score0.00356EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2020/09/14 9:15 p.m.•32 views

Design/Logic Flaw

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964...

5CVSS7.6AI score0.04342EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2020/09/10 7:15 p.m.•32 views

Stack overflow

Adobe FrameMaker version 2019.0.6 and earlier versions lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to...

6.8CVSS7.8AI score0.03728EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/09/09 4:15 p.m.•32 views

Command injection

The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...

7.5CVSS9.9AI score0.97328EPSS
Exploits14References9Affected Software1
Prion
Prion
•added 2020/09/09 2:15 p.m.•32 views

Design/Logic Flaw

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

4.3CVSS5AI score0.04803EPSS
Exploits0References10Affected Software15
Prion
Prion
•added 2020/08/26 2:15 p.m.•32 views

Stack overflow

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code...

10CVSS9.6AI score0.02905EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/08/17 7:15 p.m.•32 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...

4.6CVSS7.7AI score0.00795EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/08/14 4:15 p.m.•32 views

Default configuration

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server...

3.3CVSS7.9AI score0.18566EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000