Lucene search
K

213680 matches found

Prion
Prion
•added 2024/02/28 9:15 a.m.•28 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can le...

6.7AI score0.0024EPSS
Exploits0References5
Prion
Prion
•added 2024/02/28 9:15 a.m.•15 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: iouring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in ioprovidebuffersprep. As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce "iouring: f...

7.4AI score0.0026EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in these stm32f7i2cxx serious functions. However, pmruntimegetsync will increment the PM reference...

6.6AI score0.00222EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•41 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix tx skb dma unmap The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries...

6.7AI score0.00222EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•25 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615coredumpwork Similar to the issue fixed in mt7921coredumpwork, fix a possible memory leak in mt7615coredumpwork routine...

6.6AI score0.00205EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•21 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspipreparexferhardware pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with...

6.6AI score0.00225EPSS
Exploits0References5
Prion
Prion
•added 2024/02/28 9:15 a.m.•20 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-buil...

6.7AI score0.00246EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•30 views

Cross site request forgery (csrf)

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...

4.3CVSS4.3AI score0.00295EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•30 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rateinfo to fix unexpected reporting. 1215.161863 Call trace: 1215.164307 cfg80211calculatebitrate+0x124/0x200 cfg80211 1215.170139 ieee80211supdatemetric+0x80/0xc0 mac80211...

6.7AI score0.00245EPSS
Exploits0References3
Prion
Prion
•added 2024/02/28 9:15 a.m.•34 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venusprobe' If an error occurs after a successful 'oficcget' call, it must be undone. Use 'devmoficcget' instead of 'oficcget' to avoid the leak. Update the remove...

6.6AI score0.00239EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•17 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we e...

6.7AI score0.00181EPSS
Exploits0References3
Prion
Prion
•added 2024/02/28 9:15 a.m.•26 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fsresizefs f2fsresizefs hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

6.6AI score0.00236EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•30 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...

6.7AI score0.00236EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•28 views

Double free

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomispalloccssstatbufs The "s3abuf" is freed along with all the other items on the "asd-s3astats" list. It leads to a double free and a use after free...

6.8AI score0.00224EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in xiicxfer and xiici2cremove. However, pmruntimegetsync will increment the PM reference count even...

6.6AI score0.00225EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•14 views

Cross site request forgery (csrf)

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS4.4AI score0.00275EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•26 views

Cross site scripting

The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...

5.5CVSS5.8AI score0.00444EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•14 views

Improper access control

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within ...

5.4CVSS6.9AI score0.0046EPSS
Exploits0References1
Prion
Prion
•added 2024/02/28 9:15 a.m.•16 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seem to be free'ing pad. Fix these. Addresses-Coverity: "Resource leak"...

7.1AI score0.00236EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•21 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints As part of commit e81a7018d93a "usb: dwc3: allocate gadget structure dynamically" the dwc3gadgetrelease was added which will free the dwc-gadget structure upon...

6.6AI score0.00229EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: crypto: sa2ul - Fix memory leak of rxd There are two error return paths that are not freeing rxd and causing memory leaks. Fix these. Addresses-Coverity: "Resource leak"...

6.7AI score0.00236EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•32 views

Out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in doformat The function uses "type" as an array index: q = unitdrive.disktype-queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds...

6.7AI score0.00244EPSS
Exploits0References3
Prion
Prion
•added 2024/02/28 9:15 a.m.•24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hwbreakpoint: Do not directly check the event's overflowhandler hook The commit 1879445dfa7b "perf/core: Set event's default ::overflowhandler" set a default event-overflowhandler in perfeventalloc, and replace the...

6.7AI score0.00253EPSS
Exploits0References8
Prion
Prion
•added 2024/02/28 9:15 a.m.•24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in autoretire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. However, the autoretire function is not guaranteed to be aligned to a multiple of 4, which causes...

6.7AI score0.00232EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix memory leak in mt7921coredumpwork Fix possible memory leak in mt7921coredumpwork...

6.7AI score0.00614EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•16 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpidevicesetname' fails, we must free 'acpidevicebusid-busid' or there is a potential memory leak...

6.6AI score0.00249EPSS
Exploits0References8
Prion
Prion
•added 2024/02/28 9:15 a.m.•23 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctpsfdodupcooka There's a panic that occurs in a few of envs, the call trace is as below: general protection fault, ... 0x29acd70f1000a: 0000 1 SMP PTI RIP:...

6.8AI score0.0025EPSS
Exploits0References6
Prion
Prion
•added 2024/02/28 9:15 a.m.•20 views

Sql injection

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cartcontents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

7.5CVSS9.5AI score0.00724EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•25 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: nvmet-rdma: Fix NULL deref when SEND is completed with error When running some traffic and taking down the link on peer, a retry counter exceeded error is received. This leads to nvmetrdmaerrorcomp which tried accessing the...

6.5AI score0.00236EPSS
Exploits0References4
Prion
Prion
•added 2024/02/28 9:15 a.m.•15 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in fhtodentry...

6.7AI score0.00243EPSS
Exploits0References5
Prion
Prion
•added 2024/02/28 7:15 a.m.•24 views

Server side request forgery (ssrf)

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

5.5CVSS6.2AI score0.00335EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 7:15 a.m.•23 views

Design/Logic Flaw

ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

7.3AI score0.0032EPSS
Exploits0References1
Prion
Prion
•added 2024/02/28 7:15 a.m.•16 views

Design/Logic Flaw

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

4CVSS4.4AI score0.0034EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 7:15 a.m.•31 views

Cross site request forgery (csrf)

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

4.3CVSS4.3AI score0.0021EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 6:15 a.m.•23 views

Directory traversal

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker in this case, an administrator can navigate beyond the intended directory the 'media/' directory to access sensitive files in other parts of the application's file system...

6.6AI score0.00876EPSS
Exploits1References1
Prion
Prion
•added 2024/02/28 5:15 a.m.•19 views

Design/Logic Flaw

A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack...

5.5CVSS7.1AI score0.00717EPSS
Exploits1References2
Prion
Prion
•added 2024/02/28 3:15 a.m.•19 views

Heap overflow

A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...

5.1CVSS8AI score0.00773EPSS
Exploits0References1
Prion
Prion
•added 2024/02/28 3:15 a.m.•10 views

Design/Logic Flaw

The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code...

5.8CVSS7.4AI score0.00976EPSS
Exploits0References1
Prion
Prion
•added 2024/02/28 3:15 a.m.•12 views

Memory corruption

A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...

5.1CVSS7.9AI score0.00773EPSS
Exploits0References1
Prion
Prion
•added 2024/02/28 2:15 a.m.•18 views

Buffer overflow

A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...

5.1CVSS8.2AI score0.00772EPSS
Exploits0References1
Prion
Prion
•added 2024/02/28 1:15 a.m.•36 views

Cross site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333...

5.8CVSS6.2AI score0.00394EPSS
Exploits0References2
Prion
Prion
•added 2024/02/28 12:15 a.m.•29 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout...

4.3CVSS7.2AI score0.00383EPSS
Exploits1References1
Prion
Prion
•added 2024/02/28 12:15 a.m.•50 views

Code injection

Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing...

5CVSS7.1AI score0.00553EPSS
Exploits1References2
Prion
Prion
•added 2024/02/27 11:15 p.m.•28 views

Cross site scripting

A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim...

5.8CVSS5.9AI score0.00358EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 11:15 p.m.•22 views

Design/Logic Flaw

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access...

4CVSS6.8AI score0.00354EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 11:15 p.m.•20 views

Design/Logic Flaw

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access...

4.3CVSS6.8AI score0.00516EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 10:15 p.m.•20 views

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

5.8CVSS7.9AI score0.00928EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 10:15 p.m.•18 views

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

5.8CVSS7.9AI score0.00924EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 10:15 p.m.•18 views

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

5.8CVSS7.9AI score0.00924EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 10:15 p.m.•20 views

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

5.8CVSS7.9AI score0.00928EPSS
Exploits0References1
Total number of security vulnerabilities213680