Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2019/11/18 4:15 p.m.•66 views

Cross site scripting

A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

3.5CVSS5.1AI score0.00615EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2018/12/20 9:29 p.m.•66 views

Out-of-bounds

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

10CVSS9.7AI score0.86539EPSS
Exploits10References11Affected Software4
Prion
Prion
•added 2018/11/25 10:29 a.m.•66 views

Input validation

University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by means of the imaprimap function in c-client/imap4r1.c and the tcpaopen function in osdep/unix/tcpunix.c without preventing argument injection, which might allow remote...

8.5CVSS8AI score0.9523EPSS
Exploits6References20Affected Software4
Prion
Prion
•added 2018/01/21 10:29 p.m.•66 views

Null pointer dereference

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...

5CVSS6.9AI score0.15716EPSS
Exploits1References11Affected Software4
Prion
Prion
•added 2017/10/03 1:29 a.m.•66 views

Stack overflow

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted DHCPv6 request...

7.5CVSS9.5AI score0.83638EPSS
Exploits6References20Affected Software7
Prion
Prion
•added 2024/02/14 3:15 p.m.•65 views

Cross site scripting

A cross-site scripting XSS vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

5.8CVSS5.9AI score0.00413EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/10/31 2:15 p.m.•65 views

Default credentials

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...

7.5CVSS9.4AI score0.81695EPSS
Exploits18References2Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•65 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.5AI score0.00983EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•65 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.00884EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/08 6:15 p.m.•65 views

Remote code execution

Microsoft SQL OLE DB Remote Code Execution Vulnerability...

6.8CVSS8.9AI score0.01221EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2023/04/11 5:15 p.m.•65 views

Design/Logic Flaw

A download of code without Integrity check vulnerability CWE-494 in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate...

4.3CVSS7.7AI score0.00121EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/03/22 9:15 p.m.•65 views

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

5.8CVSS6.3AI score0.00725EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2023/01/10 10:15 p.m.•65 views

Denial of service

.NET Denial of Service Vulnerability...

5CVSS7.2AI score0.0274EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2022/09/21 11:15 a.m.•65 views

Memory corruption

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

5CVSS7.5AI score0.02299EPSS
Exploits0References9Affected Software3
Prion
Prion
•added 2021/11/17 7:15 p.m.•65 views

Hardcoded credentials

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

3.5CVSS6AI score0.01257EPSS
Exploits0References8Affected Software10
Prion
Prion
•added 2020/05/15 6:15 p.m.•65 views

Integer overflow

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INTMAX...

10CVSS9.8AI score0.06603EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2017/12/15 9:29 a.m.•65 views

Command injection

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.3CVSS9.1AI score0.73927EPSS
Exploits5References14Affected Software8
Prion
Prion
•added 2012/06/05 4:55 p.m.•65 views

Memory corruption

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service daemon crash or data corruption or obta...

8.5CVSS7AI score0.13405EPSS
Exploits1References16Affected Software1
Prion
Prion
•added 2009/12/30 9:30 p.m.•65 views

Stack overflow

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary cod...

7.5CVSS8AI score0.69552EPSS
Exploits4References36Affected Software5
Prion
Prion
•added 2023/05/25 8:15 p.m.•64 views

Input validation

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet...

4.4CVSS7.5AI score0.003EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2023/01/10 10:15 p.m.•64 views

Privilege escalation

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

4.3CVSS7.6AI score0.65417EPSS
Exploits13References1Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•64 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.8AI score0.00962EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/06/08 8:15 p.m.•64 views

Integer overflow

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

4CVSS6.9AI score0.15972EPSS
Exploits2References8Affected Software2
Prion
Prion
•added 2019/12/02 3:15 a.m.•64 views

Design/Logic Flaw

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...

4CVSS6.3AI score0.02079EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2019/07/03 5:15 p.m.•64 views

Design/Logic Flaw

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...

5CVSS7.3AI score0.74048EPSS
Exploits4References3Affected Software1
Prion
Prion
•added 2017/05/23 4:29 a.m.•64 views

Command injection

The crc32big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation...

7.5CVSS7.4AI score0.0595EPSS
Exploits0References33Affected Software21
Prion
Prion
•added 2012/05/27 8:55 p.m.•64 views

Buffer overflow

Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via...

5.1CVSS8.6AI score0.05413EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2023/11/02 8:15 p.m.•63 views

Sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public...

5.2CVSS7.9AI score0.00562EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•63 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS4.5AI score0.00983EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/13 12:15 p.m.•63 views

Design/Logic Flaw

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...

4CVSS4.7AI score0.01045EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2023/05/09 6:15 p.m.•64 views

Remote code execution

Microsoft SharePoint Server Remote Code Execution Vulnerability...

5.8CVSS7AI score0.85395EPSS
Exploits7References1Affected Software2
Prion
Prion
•added 2023/04/28 3:15 p.m.•63 views

Cross site request forgery (csrf)

mccms v2.6.3 is vulnerable to Cross Site Request Forgery CSRF...

6.8CVSS8.7AI score0.00295EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/03/30 5:15 a.m.•63 views

Design/Logic Flaw

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

5CVSS5.2AI score0.01695EPSS
Exploits1References7Affected Software2
Prion
Prion
•added 2023/03/28 3:15 p.m.•63 views

Stack overflow

Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code...

3.7CVSS7.2AI score0.00362EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/03/03 10:15 p.m.•63 views

Code injection

In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel...

5CVSS7.5AI score0.00757EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/02/03 6:15 a.m.•63 views

Double free

OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One...

4CVSS6.8AI score0.89955EPSS
Exploits10References16Affected Software2
Prion
Prion
•added 2022/10/18 9:15 p.m.•63 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS4.8AI score0.01161EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/03/16 4:15 p.m.•63 views

Hardcoded credentials

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

3.5CVSS6.1AI score0.01162EPSS
Exploits0References7Affected Software9
Prion
Prion
•added 2020/10/21 3:15 p.m.•63 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware...

7.7CVSS7.4AI score0.01184EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/04/29 9:15 p.m.•63 views

Code injection

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

4.3CVSS7.1AI score0.8383EPSS
Exploits6References65Affected Software35
Prion
Prion
•added 2019/07/23 2:15 p.m.•63 views

Buffer overflow

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 Veracrypt, all versions Truecrypt is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver veracrypt.sys. The attack vector is: Locally executed code, IOCTL...

2.1CVSS3.7AI score0.00461EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2019/05/01 9:29 p.m.•63 views

Server side request forgery (ssrf)

A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

5.4CVSS8.3AI score0.86503EPSS
Exploits7References12Affected Software37
Prion
Prion
•added 2013/07/18 4:51 p.m.•63 views

Default configuration

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

7.5CVSS7.9AI score0.99998EPSS
Exploits42References3Affected Software2
Prion
Prion
•added 2024/02/29 1:43 a.m.•62 views

Design/Logic Flaw

A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

1.7CVSS7.2AI score0.00419EPSS
Exploits1References3
Prion
Prion
•added 2023/10/17 10:15 p.m.•62 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS4.5AI score0.0094EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/21 11:15 p.m.•62 views

Heap overflow

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...

3.7CVSS7AI score0.00663EPSS
Exploits2References10Affected Software4
Prion
Prion
•added 2023/09/12 3:15 p.m.•62 views

Heap overflow

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

6.8CVSS8.3AI score0.99694EPSS
Exploits9References45Affected Software8
Prion
Prion
•added 2023/08/29 4:15 p.m.•62 views

Code injection

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 Tunnel Encapsulation...

5CVSS7.1AI score0.01437EPSS
Exploits1References7Affected Software4
Prion
Prion
•added 2022/10/18 9:15 p.m.•62 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

3.3CVSS4.8AI score0.01381EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/09/21 11:15 a.m.•62 views

Memory corruption

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

5CVSS7.5AI score0.02176EPSS
Exploits0References9Affected Software3
Total number of security vulnerabilities5000