Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2020/10/22 3:16 a.m.56 views

Design/Logic Flaw

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...

7.5CVSS9.3AI score0.08235EPSS
Exploits0References14Affected Software3
Prion
Prion
added 2020/02/27 9:15 p.m.56 views

Memory corruption

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory...

9.3CVSS7.8AI score0.03475EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2018/01/18 2:29 a.m.56 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.5CVSS6.6AI score0.03389EPSS
Exploits0References14Affected Software12
Prion
Prion
added 2014/12/11 2:59 a.m.56 views

Design/Logic Flaw

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory and CPU consumption via a large or infinite number of referrals...

4.3CVSS6.9AI score0.25205EPSS
Exploits0References8Affected Software3
Prion
Prion
added 2023/10/10 7:15 p.m.55 views

Input validation

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

5CVSS6.1AI score0.05848EPSS
Exploits2References6Affected Software2
Prion
Prion
added 2023/08/21 5:15 p.m.55 views

Authentication flaw

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

7.5CVSS9.4AI score0.99949EPSS
Exploits6References2Affected Software1
Prion
Prion
added 2023/07/25 4:15 p.m.55 views

Out-of-bounds

A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...

1.4CVSS5.5AI score0.00237EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2023/05/22 11:15 a.m.55 views

Default credentials

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

5CVSS7.8AI score0.51547EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2023/05/11 10:15 p.m.55 views

Design/Logic Flaw

Adobe Substance 3D Painter versions 8.3.0 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

1.9CVSS5.1AI score0.00294EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/05/02 6:15 p.m.55 views

Design/Logic Flaw

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

5CVSS7.3AI score0.01261EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2023/03/30 5:15 a.m.55 views

Design/Logic Flaw

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

5CVSS5.3AI score0.01695EPSS
Exploits1References7Affected Software2
Prion
Prion
added 2022/11/17 12:15 a.m.55 views

Command injection

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

7.5CVSS9.8AI score0.98035EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2022/10/18 9:15 p.m.55 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.9AI score0.01161EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/10/18 9:15 p.m.55 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

1.7CVSS4.3AI score0.01058EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/07/05 4:15 p.m.55 views

Sql injection

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

9CVSS8.8AI score0.03431EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/04/04 4:15 p.m.55 views

Authentication flaw

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search...

6.4CVSS9.1AI score0.01645EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/10/18 9:15 a.m.55 views

Code injection

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be pass...

5CVSS7.3AI score0.02854EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2021/10/04 4:15 a.m.55 views

Design/Logic Flaw

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

4.3CVSS6.2AI score0.01337EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/07/12 3:15 p.m.55 views

Design/Logic Flaw

A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65...

5.8CVSS6.3AI score0.09886EPSS
Exploits0References9Affected Software7
Prion
Prion
added 2021/06/24 2:15 p.m.55 views

Code injection

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...

4.3CVSS3.9AI score0.00671EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/22 10:15 p.m.55 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS6.5AI score0.01886EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2021/04/15 8:15 p.m.55 views

Design/Logic Flaw

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...

6.8CVSS8.5AI score0.04942EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2021/01/20 3:15 p.m.55 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

4.3CVSS3.4AI score0.02272EPSS
Exploits0References5Affected Software3
Prion
Prion
added 2020/10/29 8:15 a.m.55 views

Code injection

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the defaults options are deeply merged with provided options. However, during this operation, the keys of the object being...

5CVSS9.3AI score0.04678EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2018/08/22 1:29 p.m.55 views

Remote code execution

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS8.2AI score0.99993EPSS
Exploits41References19Affected Software1
Prion
Prion
added 2017/11/27 10:29 p.m.55 views

Design/Logic Flaw

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request...

7.5CVSS9.4AI score0.09876EPSS
Exploits0References11Affected Software6
Prion
Prion
added 2017/06/27 5:29 p.m.55 views

Code injection

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References7Affected Software2
Prion
Prion
added 2017/03/07 4:59 p.m.55 views

Integer overflow

Integer overflow in the amapalloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value...

7.2CVSS8AI score0.00572EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2014/01/24 3:8 p.m.55 views

Double free

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Microsoft Word file...

7.5CVSS8AI score0.04165EPSS
Exploits0References9Affected Software3
Prion
Prion
added 2012/05/11 10:15 a.m.55 views

Design/Logic Flaw

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

7.5CVSS8AI score0.99998EPSS
Exploits42References26Affected Software1
Prion
Prion
added 2007/04/12 7:19 p.m.55 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter to 1 contacttype.php, 2 itemstatustype.php, 3 projectstatustype.php, 4 requesttype.php, 5...

6.8CVSS7.9AI score0.06681EPSS
Exploits0References12Affected Software1
Prion
Prion
added 2024/03/15 12:17 a.m.54 views

Cross site scripting

A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...

6.1AI score0.00468EPSS
Exploits1References2
Prion
Prion
added 2023/11/02 10:15 p.m.54 views

Hardcoded credentials

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

7.5CVSS9.2AI score0.00681EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/03 3:15 a.m.54 views

Command injection

A remote command execution RCE vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server...

7.5CVSS9.8AI score0.97106EPSS
Exploits12References4Affected Software1
Prion
Prion
added 2023/07/25 7:15 a.m.54 views

Authentication flaw

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication...

7.5CVSS8.3AI score0.99999EPSS
Exploits14References4Affected Software1
Prion
Prion
added 2023/07/20 4:15 p.m.54 views

Deserialization of untrusted data

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...

7.5CVSS9.5AI score0.97003EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/08/15 11:21 a.m.54 views

Design/Logic Flaw

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

4CVSS5.2AI score0.00559EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/10/27 9:15 p.m.54 views

Design/Logic Flaw

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...

5CVSS5.2AI score0.08001EPSS
Exploits0References10Affected Software6
Prion
Prion
added 2021/10/04 3:15 a.m.54 views

Directory traversal

The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted on both the...

2.1CVSS4.6AI score0.00439EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2021/05/06 1:15 p.m.54 views

Input validation

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

5CVSS8.4AI score0.61061EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/02/17 11:15 p.m.54 views

Default configuration

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

6.8CVSS8AI score0.64161EPSS
Exploits0References11Affected Software4
Prion
Prion
added 2019/05/16 7:29 p.m.54 views

Remote code execution

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'...

10CVSS9.8AI score0.99999EPSS
Exploits123References14Affected Software5
Prion
Prion
added 2014/05/22 11:14 a.m.54 views

Design/Logic Flaw

libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted message...

7.5CVSS8.3AI score0.0378EPSS
Exploits0References12Affected Software1
Prion
Prion
added 2013/04/17 6:55 p.m.54 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

10CVSS5.8AI score0.08704EPSS
Exploits0References35Affected Software2
Prion
Prion
added 2011/02/22 7:0 p.m.54 views

Code injection

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service infinite loop via an empty mDNS 1 IPv4 or 2 IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244...

5CVSS7.3AI score0.29361EPSS
Exploits2References31Affected Software5
Prion
Prion
added 2024/02/29 1:44 a.m.53 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

8.4AI score0.0069EPSS
Exploits1References2
Prion
Prion
added 2024/02/09 9:15 a.m.53 views

Cross site request forgery (csrf)

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document...

6.5CVSS7.2AI score0.00617EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.53 views

Memory corruption

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 119...

7.5CVSS9.7AI score0.00975EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/09/01 11:15 a.m.53 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

4CVSS4.5AI score0.00711EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/19 6:15 a.m.53 views

Default credentials

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...

6.8CVSS8.5AI score0.02161EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000