Lucene search
K

213680 matches found

Prion
Prion
•added 2024/03/06 7:15 a.m.•31 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 index -878706688 is out of range for type 'struct iagctl128' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted...

6.9AI score0.00249EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•21 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control fpc register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading...

7.3AI score0.00242EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•23 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...

7AI score0.00289EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•15 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

7.1AI score0.00228EPSS
Exploits0References3
Prion
Prion
•added 2024/03/06 7:15 a.m.•21 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. ...

6.7AI score0.00174EPSS
Exploits0References7
Prion
Prion
•added 2024/03/06 7:15 a.m.•20 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfsevictinode When the execution of diMountipimap fails, the object ipimap that has been released may be accessed in diFreeSpecial. Asynchronous ipimap release occurs when rcucore calls jfsfreenode. Therefore, whe...

7.2AI score0.00281EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•26 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 index 196694 is out of range for type 's81365' aka 'signed char1365' CPU: 1...

7.3AI score0.00249EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•21 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO...

7.3AI score0.00249EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: afunix: fix lockdep positive in skdiagdumpicons syzbot reported a lockdep splat 1. Blamed commit hinted about the possible lockdep violation, and code used unixstatelocknested in an attempt to silence lockdep. It is not sufficien...

6.8AI score
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•21 views

Race condition

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...

7AI score0.0016EPSS
Exploits0References2
Prion
Prion
•added 2024/03/06 7:15 a.m.•35 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmtstree. To add the required check added the bool isctl which is required to determine the size as...

7AI score0.00249EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•29 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir wil...

6.8AI score0.00182EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•15 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvmarchvcpuioctlsetfpu allows to set the floating point control fpc register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may le...

7.1AI score0.00231EPSS
Exploits0References8
Prion
Prion
•added 2024/03/06 7:15 a.m.•17 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating the priv-multicastlist in ipoibmcastjointask opens a window for ipoibmcastdevflush to remove the items while in the middle of iteration. If the mcast is...

7.2AI score0.00309EPSS
Exploits1References8
Prion
Prion
•added 2024/03/06 6:15 a.m.•24 views

Design/Logic Flaw

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

5CVSS5AI score0.00406EPSS
Exploits0References3
Prion
Prion
•added 2024/03/06 6:15 a.m.•16 views

Cross site scripting

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'SassySocialShare' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such a...

5.5CVSS5.6AI score0.00505EPSS
Exploits0References6
Prion
Prion
•added 2024/03/06 6:15 a.m.•27 views

Cross site request forgery (csrf)

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssafactoryreset function. This makes it...

4.3CVSS4.3AI score0.00268EPSS
Exploits0References3
Prion
Prion
•added 2024/03/06 2:15 a.m.•18 views

Stack overflow

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of...

6.4CVSS8.1AI score0.00661EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 1:15 a.m.•12 views

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...

5.9AI score0.0045EPSS
Exploits1References2
Prion
Prion
•added 2024/03/06 1:15 a.m.•13 views

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customersupport/index.php?page=customerlist...

5.9AI score0.0045EPSS
Exploits1References2
Prion
Prion
•added 2024/03/06 1:15 a.m.•10 views

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

5.9AI score0.00433EPSS
Exploits1References2
Prion
Prion
•added 2024/03/06 1:15 a.m.•12 views

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...

5.9AI score0.00466EPSS
Exploits4References2
Prion
Prion
•added 2024/03/06 1:15 a.m.•16 views

Sql injection

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id="...

8.6AI score0.00404EPSS
Exploits0References2
Prion
Prion
•added 2024/03/06 1:15 a.m.•20 views

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...

5.9AI score0.0045EPSS
Exploits1References2
Prion
Prion
•added 2024/03/06 12:15 a.m.•18 views

Improper access control

An issue in Multilaser RE160V firmware v12.03.01.09pt and Multilaser RE163V firmware v12.03.01.10pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header...

7.4AI score0.15528EPSS
Exploits3References1
Prion
Prion
•added 2024/03/06 12:15 a.m.•20 views

Improper access control

Multilaser RE160 v5.07.51ptMTL01 and v5.07.52ptMTL01, Multilaser RE160V v12.03.01.08pt and V12.03.01.09pt, and Multilaser RE163V v12.03.01.08pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL...

7.2AI score0.00962EPSS
Exploits5References1
Prion
Prion
•added 2024/03/06 12:15 a.m.•19 views

Improper access control

An issue in Multilaser RE160 firmware v5.07.51ptMTL01 and v5.07.52ptMTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie...

7.4AI score0.00785EPSS
Exploits3References1
Prion
Prion
•added 2024/03/06 12:15 a.m.•16 views

Design/Logic Flaw

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests...

6.5CVSS7.3AI score0.01137EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2024/03/06 12:15 a.m.•32 views

Buffer overflow

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...

7.6AI score0.00267EPSS
Exploits0References2
Prion
Prion
•added 2024/03/06 12:15 a.m.•29 views

Cross site request forgery (csrf)

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...

6.8AI score0.00697EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 12:15 a.m.•22 views

Cross site scripting

OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users...

6.2AI score0.0034EPSS
Exploits0References2
Prion
Prion
•added 2024/03/05 11:15 p.m.•15 views

Cross site scripting

Cross Site Scripting XSS vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...

5.8AI score0.00869EPSS
Exploits1References1
Prion
Prion
•added 2024/03/05 11:15 p.m.•38 views

Design/Logic Flaw

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

6.6AI score0.00795EPSS
Exploits0References4
Prion
Prion
•added 2024/03/05 11:15 p.m.•24 views

Authorization

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

6.9AI score0.0108EPSS
Exploits0References4
Prion
Prion
•added 2024/03/05 11:15 p.m.•20 views

Design/Logic Flaw

An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function...

6.6AI score0.00708EPSS
Exploits1References1
Prion
Prion
•added 2024/03/05 11:15 p.m.•21 views

Cross site scripting

Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function...

6.2AI score0.00869EPSS
Exploits1References1
Prion
Prion
•added 2024/03/05 11:15 p.m.•18 views

Design/Logic Flaw

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on...

6.3AI score0.00312EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 11:15 p.m.•25 views

Design/Logic Flaw

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.1AI score0.01262EPSS
Exploits0References2
Prion
Prion
•added 2024/03/05 11:15 p.m.•16 views

Design/Logic Flaw

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component...

7.5AI score0.00969EPSS
Exploits1References1
Prion
Prion
•added 2024/03/05 11:15 p.m.•25 views

Directory traversal

Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component...

6.7AI score0.00879EPSS
Exploits1References1
Prion
Prion
•added 2024/03/05 11:15 p.m.•21 views

Design/Logic Flaw

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...

6.7AI score0.00667EPSS
Exploits0References4
Prion
Prion
•added 2024/03/05 11:15 p.m.•22 views

Design/Logic Flaw

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

6.7AI score0.01042EPSS
Exploits0References4
Prion
Prion
•added 2024/03/05 11:15 p.m.•20 views

Design/Logic Flaw

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

7.1AI score0.01165EPSS
Exploits0References4
Prion
Prion
•added 2024/03/05 10:15 p.m.•15 views

Improper access control

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

7AI score0.00204EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 10:15 p.m.•21 views

Design/Logic Flaw

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

7.2AI score0.00228EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 10:15 p.m.•29 views

Authentication flaw

Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...

6.8AI score0.00339EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 10:15 p.m.•16 views

Input validation

Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...

7.1AI score0.00362EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 9:15 p.m.•22 views

Command injection

In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands...

7.9AI score0.00205EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 9:15 p.m.•18 views

Command injection

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

5.8CVSS8.4AI score0.0124EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 9:15 p.m.•17 views

Command injection

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

5.8CVSS8.4AI score0.0124EPSS
Exploits0References1
Total number of security vulnerabilities213680