Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/10/04 4:15 a.m.•62 views

Design/Logic Flaw

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

5CVSS5.8AI score0.01945EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2021/01/20 5:15 p.m.•62 views

Heap overflow

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory...

7.1CVSS6.8AI score0.86692EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2019/09/06 11:15 a.m.•62 views

Code injection

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

10CVSS9.6AI score0.35736EPSS
Exploits3References23Affected Software2
Prion
Prion
•added 2018/09/05 10:29 p.m.•62 views

Authentication flaw

TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN...

5CVSS9.5AI score0.03576EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2018/01/18 2:29 a.m.•62 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Security : Privileges. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.8CVSS6.9AI score0.0452EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2017/03/27 3:59 p.m.•62 views

Design/Logic Flaw

httpd in OpenBSD allows remote attackers to cause a denial of service memory consumption via a series of requests for a large file using an HTTP Range header...

7.8CVSS7.3AI score0.17203EPSS
Exploits7References11Affected Software1
Prion
Prion
•added 2010/03/10 10:30 p.m.•62 views

Sql injection

SQL injection vulnerability in silentumguestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter...

7.5CVSS9.1AI score0.00936EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/02/09 2:15 p.m.•61 views

Sql injection

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2...

6.8CVSS8.8AI score0.00698EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/11/06 4:15 p.m.•61 views

Design/Logic Flaw

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5CVSS7.2AI score0.04459EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/09/20 3:15 p.m.•61 views

Type confusion

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in...

7.5CVSS6.2AI score0.62606EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2023/03/09 6:15 p.m.•61 views

Design/Logic Flaw

metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the...

4CVSS6.4AI score0.00858EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/06/14 6:15 p.m.•61 views

Code injection

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket...

2.1CVSS5.1AI score0.00248EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/09/08 3:15 p.m.•61 views

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

6.8CVSS8.7AI score0.04528EPSS
Exploits0References6Affected Software6
Prion
Prion
•added 2021/05/27 2:15 p.m.•61 views

Input validation

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack against all clients using the proxy. A client sends an HTTP Range request to trigger this...

4CVSS6.6AI score0.05492EPSS
Exploits1References9Affected Software3
Prion
Prion
•added 2020/03/12 4:15 p.m.•61 views

Remote code execution

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'...

7.5CVSS9.7AI score0.9981EPSS
Exploits125References7Affected Software2
Prion
Prion
•added 2016/03/13 6:59 p.m.•61 views

Design/Logic Flaw

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections...

10CVSS8AI score0.0597EPSS
Exploits0References18Affected Software4
Prion
Prion
•added 2008/04/02 6:44 p.m.•61 views

Session fixation

OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshdconfig ForceCommand directive by modifying the .ssh/rc session file...

6.5CVSS6.3AI score0.02223EPSS
Exploits3References32Affected Software1
Prion
Prion
•added 2007/03/10 12:19 a.m.•61 views

Remote file inclusion

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tplpgbmoddir parameter...

10CVSS8AI score0.04034EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2024/03/13 10:15 a.m.•60 views

Cross site scripting

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and...

6.4CVSS6.4AI score0.26666EPSS
Exploits0References7
Prion
Prion
•added 2024/02/09 1:15 p.m.•60 views

Authentication flaw

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacherlogin.php...

6.5CVSS7.6AI score0.00778EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2024/01/26 9:15 a.m.•60 views

Null pointer dereference

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

1.9CVSS6.8AI score0.03174EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2024/01/10 10:15 p.m.•60 views

Code injection

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution...

6.8CVSS7.1AI score0.00702EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2023/10/27 3:15 p.m.•60 views

Design/Logic Flaw

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

7.5CVSS9.5AI score0.99654EPSS
Exploits31References5Affected Software2
Prion
Prion
•added 2023/10/17 10:15 p.m.•60 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.00926EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•60 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.5AI score0.0094EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/14 10:15 p.m.•60 views

Input validation

In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS7.7AI score0.00168EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/31 4:15 p.m.•60 views

Design/Logic Flaw

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5CVSS5.5AI score0.05533EPSS
Exploits0References14Affected Software1
Prion
Prion
•added 2023/04/21 3:15 p.m.•60 views

Cross site scripting

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

1CVSS6.3AI score0.01377EPSS
Exploits3References5Affected Software2
Prion
Prion
•added 2023/04/18 8:15 p.m.•60 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.01128EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•60 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•60 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.8AI score0.01144EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•60 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS6.1AI score0.01196EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/08/31 4:15 p.m.•60 views

Design/Logic Flaw

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

6.5CVSS8.8AI score0.12403EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2022/06/09 5:15 p.m.•60 views

Design/Logic Flaw

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

7.5CVSS9.5AI score0.0314EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2021/09/08 3:15 p.m.•60 views

Cross site scripting

An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross sit...

4.3CVSS6AI score0.01358EPSS
Exploits0References7Affected Software8
Prion
Prion
•added 2021/05/28 12:15 p.m.•60 views

Code injection

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service affecting availability to all clients via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server...

4CVSS6.6AI score0.79583EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2019/01/03 1:29 a.m.•60 views

Authentication flaw

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster...

5CVSS7.6AI score0.70372EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2023/09/13 8:15 p.m.•59 views

Design/Logic Flaw

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

7.5CVSS9.4AI score0.92918EPSS
Exploits10References7Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•59 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.8AI score0.01144EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2021/05/27 1:15 p.m.•59 views

Cross site request forgery (csrf)

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack against all clients using the proxy via HTTP Range request processing...

4CVSS6.7AI score0.95785EPSS
Exploits2References9Affected Software3
Prion
Prion
•added 2021/05/06 1:15 p.m.•59 views

Design/Logic Flaw

Exim 4 before 4.94.2 allows Use After Free in smtpreset in certain situations that may be common for builds with OpenSSL...

7.5CVSS9.4AI score0.55834EPSS
Exploits3References8Affected Software1
Prion
Prion
•added 2021/03/09 10:15 p.m.•59 views

Information disclosure

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

4.3CVSS5.9AI score0.13005EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2021/02/15 4:15 a.m.•59 views

Null pointer dereference

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash...

5CVSS7.3AI score0.03152EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/01/26 9:15 p.m.•59 views

Design/Logic Flaw

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

4.3CVSS6.6AI score0.02223EPSS
Exploits0References5Affected Software10
Prion
Prion
•added 2020/04/21 7:15 p.m.•59 views

Design/Logic Flaw

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

10CVSS9.7AI score0.9927EPSS
Exploits48References2Affected Software1
Prion
Prion
•added 2019/07/03 5:15 p.m.•59 views

Code injection

DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...

5CVSS7.4AI score0.46547EPSS
Exploits4References3Affected Software1
Prion
Prion
•added 2017/08/08 9:29 p.m.•59 views

Memory corruption

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory...

7.6CVSS7.7AI score0.72116EPSS
Exploits38References4
Prion
Prion
•added 2014/09/27 10:55 p.m.•59 views

Design/Logic Flaw

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS9.7AI score0.99999EPSS
Exploits144References109Affected Software1
Prion
Prion
•added 2011/01/13 7:0 p.m.•59 views

Design/Logic Flaw

Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...

5CVSS6.8AI score0.51298EPSS
Exploits12References11Affected Software1
Prion
Prion
•added 2024/03/14 10:53 p.m.•58 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...

6.9AI score0.01044EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000