Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2019/02/22 11:29 p.m.59 views

Heap overflow

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

7.5CVSS9.3AI score0.09317EPSS
Exploits1References19Affected Software4
Prion
Prion
added 2019/01/22 2:29 p.m.59 views

Authorization

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...

6.5CVSS6.7AI score0.01545EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2018/05/08 6:29 p.m.59 views

Privilege escalation

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

7.2CVSS6.4AI score0.18404EPSS
Exploits9References48Affected Software9
Prion
Prion
added 2017/12/05 11:29 p.m.59 views

Authentication flaw

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...

3.3CVSS5.2AI score0.00364EPSS
Exploits0References2
Prion
Prion
added 2017/08/08 9:29 p.m.59 views

Memory corruption

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory...

7.6CVSS7.7AI score0.72116EPSS
Exploits38References4
Prion
Prion
added 2014/09/27 10:55 p.m.59 views

Design/Logic Flaw

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS9.7AI score0.99999EPSS
Exploits145References109Affected Software1
Prion
Prion
added 2013/11/20 2:12 p.m.59 views

Design/Logic Flaw

lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...

7.6CVSS7.3AI score0.10721EPSS
Exploits0References8Affected Software3
Prion
Prion
added 2011/01/13 7:0 p.m.59 views

Design/Logic Flaw

Stack consumption vulnerability in the regcomp implementation in the GNU C Library aka glibc or libc6 through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service resource exhaustion via a regular expression containing adjacent repetition operators, a...

5CVSS6.8AI score0.51298EPSS
Exploits12References11Affected Software1
Prion
Prion
added 2024/03/14 10:53 p.m.58 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...

6.9AI score0.01044EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2024/02/29 1:44 a.m.58 views

Cross site scripting

Cross-site scripting XSS vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

6.2AI score0.00555EPSS
Exploits1References2
Prion
Prion
added 2024/02/09 3:15 p.m.58 views

Null pointer dereference

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4StszAtom::GetSampleSize function...

1.9CVSS7.8AI score0.00255EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/10/17 10:15 p.m.58 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS4.6AI score0.00938EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/13 10:15 a.m.58 views

Cross site scripting

Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...

4.9CVSS5.3AI score0.00788EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2023/02/14 8:15 p.m.58 views

Remote code execution

Microsoft SQL Server Remote Code Execution Vulnerability...

6.5CVSS8.8AI score0.01755EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/17 10:15 p.m.58 views

Code injection

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

4.4CVSS7.5AI score0.06796EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/12/13 4:15 p.m.58 views

Design/Logic Flaw

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

5CVSS6.5AI score0.01625EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/09/21 11:15 a.m.58 views

Code injection

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

5CVSS7.4AI score0.01646EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/03/15 1:15 a.m.58 views

Sql injection

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

6.5CVSS7.1AI score0.08669EPSS
Exploits12References2Affected Software1
Prion
Prion
added 2021/01/20 3:15 p.m.58 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

6.8CVSS4.8AI score0.02157EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/01/12 8:15 p.m.58 views

Privilege escalation

Microsoft SQL Elevation of Privilege Vulnerability...

6.5CVSS8.7AI score0.06153EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/01/16 9:15 p.m.58 views

Input validation

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...

7.9CVSS6.7AI score0.03313EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2020/01/15 5:15 p.m.58 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3CVSS5.5AI score0.03485EPSS
Exploits0References7Affected Software4
Prion
Prion
added 2019/08/13 9:15 p.m.58 views

Code injection

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

6.8CVSS7.4AI score0.56262EPSS
Exploits0References37Affected Software17
Prion
Prion
added 2018/03/08 9:29 p.m.58 views

Design/Logic Flaw

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

6.8CVSS7.8AI score0.04665EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/06/20 1:29 a.m.58 views

Default credentials

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

7.5CVSS9.3AI score0.39341EPSS
Exploits3References40Affected Software1
Prion
Prion
added 2015/11/18 3:59 p.m.58 views

Code injection

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

7.5CVSS7.5AI score0.96032EPSS
Exploits17References15Affected Software3
Prion
Prion
added 2008/03/18 12:44 a.m.58 views

Crlf injection

CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF %0D%0A before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established...

4.3CVSS8AI score0.39165EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2007/11/09 6:46 p.m.58 views

Buffer overflow

Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function...

6.8CVSS7.6AI score0.02378EPSS
Exploits1References29Affected Software1
Prion
Prion
added 2024/02/13 6:15 p.m.57 views

Privilege escalation

Microsoft Exchange Server Elevation of Privilege Vulnerability...

7.5CVSS7.1AI score0.12661EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/17 10:15 p.m.57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

3.3CVSS4.6AI score0.00925EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/04 10:15 p.m.57 views

Code injection

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

4.4CVSS7.7AI score0.00352EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/09/27 3:18 p.m.57 views

Authentication flaw

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5CVSS6AI score0.01091EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/07/06 4:15 p.m.57 views

Unrestricted file upload

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...

6.5CVSS8.6AI score0.01169EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/04/18 8:15 p.m.57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS4.6AI score0.01144EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/18 8:15 p.m.57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.01144EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/01/18 12:15 a.m.57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS5.1AI score0.43131EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/10/21 6:15 p.m.57 views

Design/Logic Flaw

DISPUTED A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitabili...

1.7CVSS3.9AI score0.00573EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/10/18 9:15 p.m.57 views

Code injection

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell...

2.1CVSS3.6AI score0.0042EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/10/18 9:15 p.m.57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

3.3CVSS4.8AI score0.01144EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/05/19 10:15 a.m.57 views

Design/Logic Flaw

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...

4.3CVSS7.4AI score0.04531EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/29 1:15 a.m.57 views

Code injection

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malform...

4CVSS6.7AI score0.0594EPSS
Exploits0References11Affected Software4
Prion
Prion
added 2021/01/20 4:15 p.m.57 views

Heap overflow

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory...

7.1CVSS6.8AI score0.86041EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2018/01/18 2:29 a.m.57 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.5CVSS6.6AI score0.03389EPSS
Exploits0References14Affected Software12
Prion
Prion
added 2014/12/11 2:59 a.m.57 views

Design/Logic Flaw

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory and CPU consumption via a large or infinite number of referrals...

4.3CVSS6.9AI score0.25205EPSS
Exploits0References8Affected Software3
Prion
Prion
added 2011/06/03 5:55 p.m.57 views

Information disclosure

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrat...

4.3CVSS6.5AI score0.20847EPSS
Exploits1References12Affected Software2
Prion
Prion
added 2010/02/04 8:15 p.m.57 views

Design/Logic Flaw

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...

4.3CVSS6.5AI score0.3703EPSS
Exploits8References12Affected Software1
Prion
Prion
added 2024/02/29 1:44 a.m.56 views

Design/Logic Flaw

An issue in WuKongOpenSource WukongCRM v.72crm9.0.120191202 allows a remote attacker to execute arbitrary code via the parseObject function in the fastjson component...

8.4AI score0.04872EPSS
Exploits1References2
Prion
Prion
added 2023/10/10 7:15 p.m.56 views

Input validation

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

5CVSS6.1AI score0.05848EPSS
Exploits2References6Affected Software2
Prion
Prion
added 2023/09/20 9:15 p.m.57 views

Design/Logic Flaw

In the Unbreakable Enterprise Kernel UEK, the RDS module in UEK has two setsockopt2 options, RDSCONNRESET and RDS6CONNRESET, that are not re-entrant. A malicious local user with CAPNETADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 Availability impacts. CVSS Vector:...

1.7CVSS5AI score0.00168EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/05/22 11:15 a.m.56 views

Default credentials

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

5CVSS7.8AI score0.51547EPSS
Exploits1References5Affected Software2
Total number of security vulnerabilities5000