213680 matches found

Prion • added 2024/02/17 5:15 a.m. • 23 views

Open redirect

All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this...

CVSS 5.8 • AI score 7.1 • EPSS 0.00503 • Exploits 0 • References 3
Prion • added 2024/02/17 5:15 a.m. • 16 views

Design/Logic Flaw

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this...

CVSS 4 • AI score 7.4 • EPSS 0.00535 • Exploits 1 • References 3
Prion • added 2024/02/17 5:15 a.m. • 18 views

Input validation

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

CVSS 5 • AI score 7.1 • EPSS 0.00722 • Exploits 0 • References 3
Prion • added 2024/02/17 5:15 a.m. • 18 views

Cross site scripting

All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...

CVSS 5.8 • AI score 5.8 • EPSS 0.00576 • Exploits 1 • References 3
Prion • added 2024/02/17 5:15 a.m. • 21 views

Server side request forgery (ssrf)

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by...

CVSS 5 • AI score 7.3 • EPSS 0.00554 • Exploits 1 • References 3
Prion • added 2024/02/17 5:15 a.m. • 47 views

Authentication flaw

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

CVSS 6.4 • AI score 7.4 • EPSS 0.0068 • Exploits 0 • References 4
Prion • added 2024/02/17 4:15 a.m. • 15 views

Design/Logic Flaw

Teltonika TRB1-series devices with firmware before TRB1R00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB...

AI score 7.4 • EPSS 0.00328 • Exploits 0 • References 1
Prion • added 2024/02/17 4:15 a.m. • 13 views

Design/Logic Flaw

Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface...

AI score 7.4 • EPSS 0.00203 • Exploits 0 • References 2
Prion • added 2024/02/17 2:15 a.m. • 24 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.6 • AI score 5.4 • EPSS 0.00553 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 28 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6.1 • EPSS 0.00881 • Exploits 0 • References 1 • Affected Software 1
Prion • added 2024/02/17 2:15 a.m. • 28 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4 • AI score 6.6 • EPSS 0.01117 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 13 views

Design/Logic Flaw

Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful...

CVSS 5 • AI score 6.9 • EPSS 0.0043 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 24 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 2.6 • AI score 6.2 • EPSS 0.00792 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Design/Logic Flaw

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: File download. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 5.8 • AI score 6.5 • EPSS 0.00327 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 20 views

Code injection

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure SEC. Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD...

CVSS 3.3 • AI score 5.5 • EPSS 0.00521 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 25 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6 • EPSS 0.01096 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Design/Logic Flaw

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Login - SSO. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application...

CVSS 5 • AI score 6.2 • EPSS 0.00493 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 19 views

Design/Logic Flaw

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed...

CVSS 4.9 • AI score 6.3 • EPSS 0.0034 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 13 views

Buffer overflow

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Custom...

CVSS 5.8 • AI score 6.5 • EPSS 0.00361 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 14 views

Design/Logic Flaw

Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successf...

CVSS 1.7 • AI score 4.8 • EPSS 0.00301 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 23 views

Buffer overflow

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 4.9 • AI score 6.2 • EPSS 0.00308 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 22 views

Design/Logic Flaw

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...

CVSS 6.5 • AI score 7.2 • EPSS 0.03405 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 16 views

Design/Logic Flaw

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...

CVSS 5.8 • AI score 6.5 • EPSS 0.00361 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 19 views

Code injection

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Monitoring and Diagnostics SEC. Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD...

CVSS 4 • AI score 5.5 • EPSS 0.00375 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 20 views

Design/Logic Flaw

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: HTML UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful...

CVSS 5.8 • AI score 6.4 • EPSS 0.00361 • Exploits 0 • References 1 • Affected Software 1
Prion • added 2024/02/17 2:15 a.m. • 12 views

Design/Logic Flaw

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...

CVSS 5.8 • AI score 6.5 • EPSS 0.00168 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 21 views

Buffer overflow

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 4.9 • AI score 6.3 • EPSS 0.00308 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 21 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6 • EPSS 0.01096 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 23 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.6 • AI score 5.2 • EPSS 0.00601 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 29 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6 • EPSS 0.01096 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 31 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 1.7 • AI score 5.7 • EPSS 0.00858 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 20 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6.1 • EPSS 0.01031 • Exploits 0 • References 1 • Affected Software 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Design/Logic Flaw

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS 7.5 • AI score 6.7 • EPSS 0.00439 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Design/Logic Flaw

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise...

CVSS 4 • AI score 6.4 • EPSS 0.00416 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 25 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...

CVSS 5 • AI score 7.2 • EPSS 0.00503 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 27 views

Code injection

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

CVSS 5 • AI score 6.8 • EPSS 0.59679 • Exploits 2 • References 1
Prion • added 2024/02/17 2:15 a.m. • 22 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server : Security : Firewall. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 1.7 • AI score 5.8 • EPSS 0.01048 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 19 views

Design/Logic Flaw

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Log Management. The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 5.1 • AI score 7.4 • EPSS 0.00378 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Design/Logic Flaw

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Object Store. The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

CVSS 4 • AI score 5.4 • EPSS 0.00375 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 34 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: RAPID. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4 • AI score 6.6 • EPSS 0.01117 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS 2.1 • AI score 6.2 • EPSS 0.01023 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 15 views

Design/Logic Flaw

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Admin Console. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technica...

CVSS 4 • AI score 5.8 • EPSS 0.00464 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 14 views

Buffer overflow

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Custom...

CVSS 5.8 • AI score 6.5 • EPSS 0.00342 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 25 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 2.6 • AI score 6.5 • EPSS 0.00857 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 29 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

CVSS 1 • AI score 6.2 • EPSS 0.00411 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 24 views

Code injection

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge...

CVSS 4.9 • AI score 6.3 • EPSS 0.00269 • Exploits 0 • References 1 • Affected Software 1
Prion • added 2024/02/17 2:15 a.m. • 17 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6.1 • EPSS 0.01096 • Exploits 0 • References 1 • Affected Software 1
Prion • added 2024/02/17 2:15 a.m. • 16 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 3.3 • AI score 6 • EPSS 0.01096 • Exploits 0 • References 1 • Affected Software 1
Prion • added 2024/02/17 2:15 a.m. • 18 views

Design/Logic Flaw

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful...

CVSS 4.9 • AI score 6.3 • EPSS 0.00308 • Exploits 0 • References 1
Prion • added 2024/02/17 2:15 a.m. • 24 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server...

CVSS 5.8 • AI score 6.5 • EPSS 0.00203 • Exploits 0 • References 1
Total number of security vulnerabilities: 213680