Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2024/02/29 1:44 a.m.•58 views

Cross site scripting

Cross-site scripting XSS vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

6.2AI score0.00555EPSS
Exploits1References2
Prion
Prion
•added 2024/02/09 3:15 p.m.•58 views

Null pointer dereference

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4StszAtom::GetSampleSize function...

1.9CVSS7.8AI score0.00255EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2024/02/09 2:15 p.m.•58 views

Sql injection

Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."...

7.5CVSS8.8AI score0.00682EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/09/06 6:15 p.m.•58 views

Authentication flaw

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...

6.4CVSS9.4AI score0.21583EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/03/14 5:15 p.m.•58 views

Privilege escalation

Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability...

4.3CVSS7.7AI score0.00468EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/13 4:15 p.m.•58 views

Design/Logic Flaw

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

5CVSS6.5AI score0.01625EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/09/21 11:15 a.m.•58 views

Code injection

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

5CVSS7.4AI score0.01646EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/03/15 1:15 a.m.•58 views

Sql injection

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

6.5CVSS7.1AI score0.08669EPSS
Exploits12References2Affected Software1
Prion
Prion
•added 2021/12/15 3:15 p.m.•58 views

Spoofing

Microsoft PowerShell Spoofing Vulnerability...

4.3CVSS5.7AI score0.0232EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2019/08/13 9:15 p.m.•58 views

Code injection

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

6.8CVSS7.4AI score0.56262EPSS
Exploits0References37Affected Software17
Prion
Prion
•added 2019/02/22 11:29 p.m.•58 views

Heap overflow

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

7.5CVSS9.3AI score0.09317EPSS
Exploits1References19Affected Software4
Prion
Prion
•added 2019/01/22 2:29 p.m.•58 views

Authorization

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...

6.5CVSS6.7AI score0.01545EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2018/05/08 6:29 p.m.•58 views

Privilege escalation

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

7.2CVSS6.4AI score0.18404EPSS
Exploits9References48Affected Software9
Prion
Prion
•added 2017/12/05 11:29 p.m.•58 views

Authentication flaw

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...

3.3CVSS5.2AI score0.00364EPSS
Exploits0References2
Prion
Prion
•added 2017/06/20 1:29 a.m.•58 views

Default credentials

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

7.5CVSS9.3AI score0.39341EPSS
Exploits3References40Affected Software1
Prion
Prion
•added 2015/11/18 3:59 p.m.•58 views

Code injection

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

7.5CVSS7.5AI score0.96032EPSS
Exploits17References15Affected Software3
Prion
Prion
•added 2013/11/20 2:12 p.m.•58 views

Design/Logic Flaw

lighttpd before 1.4.33 does not check the return value of the 1 setuid, 2 setgid, or 3 setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fai...

7.6CVSS7.3AI score0.10721EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2008/03/18 12:44 a.m.•58 views

Crlf injection

CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF %0D%0A before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established...

4.3CVSS8AI score0.39165EPSS
Exploits2References6Affected Software1
Prion
Prion
•added 2007/11/09 6:46 p.m.•58 views

Buffer overflow

Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function...

6.8CVSS7.6AI score0.02378EPSS
Exploits1References29Affected Software1
Prion
Prion
•added 2024/02/13 6:15 p.m.•57 views

Privilege escalation

Microsoft Exchange Server Elevation of Privilege Vulnerability...

7.5CVSS7.1AI score0.12661EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: UDF. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS4.6AI score0.00938EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/13 10:15 a.m.•57 views

Cross site scripting

Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin = 16.8.0 versions...

4.9CVSS5.3AI score0.00788EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2023/10/04 10:15 p.m.•57 views

Code injection

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...

4.4CVSS7.7AI score0.00352EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/09/27 3:18 p.m.•57 views

Authentication flaw

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5CVSS6AI score0.011EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/06 4:15 p.m.•57 views

Unrestricted file upload

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...

6.5CVSS8.6AI score0.01169EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/02/14 8:15 p.m.•57 views

Remote code execution

Microsoft SQL Server Remote Code Execution Vulnerability...

6.5CVSS8.8AI score0.01755EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS5.1AI score0.43131EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/17 10:15 p.m.•57 views

Code injection

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

4.4CVSS7.5AI score0.06796EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•57 views

Code injection

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell...

2.1CVSS3.6AI score0.0042EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/05/19 10:15 a.m.•57 views

Design/Logic Flaw

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...

4.3CVSS7.4AI score0.04531EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/04/29 1:15 a.m.•57 views

Code injection

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malform...

4CVSS6.7AI score0.0594EPSS
Exploits0References11Affected Software4
Prion
Prion
•added 2021/01/20 3:15 p.m.•57 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

6.8CVSS4.8AI score0.02157EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/01/12 8:15 p.m.•57 views

Privilege escalation

Microsoft SQL Elevation of Privilege Vulnerability...

6.5CVSS8.7AI score0.06153EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/01/16 9:15 p.m.•57 views

Input validation

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...

7.9CVSS6.7AI score0.03313EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2020/01/15 5:15 p.m.•57 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3CVSS5.5AI score0.03485EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2018/03/08 9:29 p.m.•57 views

Design/Logic Flaw

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

6.8CVSS7.8AI score0.04665EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2011/06/03 5:55 p.m.•57 views

Information disclosure

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrat...

4.3CVSS6.5AI score0.20847EPSS
Exploits1References12Affected Software2
Prion
Prion
•added 2010/02/04 8:15 p.m.•57 views

Design/Logic Flaw

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...

4.3CVSS6.5AI score0.3703EPSS
Exploits8References12Affected Software1
Prion
Prion
•added 2024/02/29 1:44 a.m.•56 views

Design/Logic Flaw

An issue in WuKongOpenSource WukongCRM v.72crm9.0.120191202 allows a remote attacker to execute arbitrary code via the parseObject function in the fastjson component...

8.4AI score0.04872EPSS
Exploits1References2
Prion
Prion
•added 2023/10/17 10:15 p.m.•56 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

3.3CVSS4.6AI score0.00925EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/20 9:15 p.m.•57 views

Design/Logic Flaw

In the Unbreakable Enterprise Kernel UEK, the RDS module in UEK has two setsockopt2 options, RDSCONNRESET and RDS6CONNRESET, that are not re-entrant. A malicious local user with CAPNETADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 Availability impacts. CVSS Vector:...

1.7CVSS5AI score0.00168EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/04/18 8:15 p.m.•56 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS4.6AI score0.01144EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/04/18 8:15 p.m.•56 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.01144EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/02/13 11:15 p.m.•56 views

Hardcoded credentials

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart...

5CVSS7.2AI score0.01216EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/10/21 6:15 p.m.•56 views

Design/Logic Flaw

DISPUTED A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitabili...

1.7CVSS3.9AI score0.00573EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•56 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

3.3CVSS4.8AI score0.01144EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/03/16 5:15 p.m.•56 views

Input validation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

5CVSS7.2AI score0.02448EPSS
Exploits0References6Affected Software9
Prion
Prion
•added 2021/12/07 8:15 p.m.•56 views

Integer overflow

NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

7.2CVSS8.7AI score0.00481EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2021/08/01 7:15 p.m.•56 views

Code injection

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

5.8CVSS7.1AI score0.02909EPSS
Exploits1References8Affected Software2
Prion
Prion
•added 2021/01/20 4:15 p.m.•56 views

Heap overflow

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory...

7.1CVSS6.8AI score0.86041EPSS
Exploits0References7Affected Software3
Total number of security vulnerabilities5000