Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/10/07 4:15 p.m.•54 views

Code injection

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are...

4.3CVSS6.6AI score0.19433EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2021/10/04 4:15 a.m.•54 views

Memory corruption

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

4.3CVSS5.7AI score0.01724EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2021/10/04 3:15 a.m.•54 views

Directory traversal

The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted on both the...

2.1CVSS4.6AI score0.00439EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2021/09/16 3:15 p.m.•54 views

Design/Logic Flaw

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

6.8CVSS9.1AI score0.99999EPSS
Exploits5References19Affected Software9
Prion
Prion
•added 2021/05/06 1:15 p.m.•54 views

Input validation

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

5CVSS8.4AI score0.61061EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2021/03/09 8:15 p.m.•54 views

Design/Logic Flaw

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

5.1CVSS7.4AI score0.88644EPSS
Exploits5References14Affected Software4
Prion
Prion
•added 2021/02/17 11:15 p.m.•54 views

Default configuration

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

6.8CVSS8AI score0.64161EPSS
Exploits0References11Affected Software4
Prion
Prion
•added 2020/04/12 9:15 p.m.•54 views

Design/Logic Flaw

An issue was discovered in OpenResty before 1.15.8.4. ngxhttpluasubrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API...

5CVSS7.3AI score0.02599EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2024/02/29 1:44 a.m.•53 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

8.4AI score0.0069EPSS
Exploits1References2
Prion
Prion
•added 2024/02/09 9:15 a.m.•53 views

Cross site request forgery (csrf)

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document...

6.5CVSS7.2AI score0.00617EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/11/29 7:15 p.m.•53 views

Null pointer dereference

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

5CVSS6.8AI score0.00985EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/10/25 6:17 p.m.•53 views

Memory corruption

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 119...

7.5CVSS9.7AI score0.00975EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•53 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

3.3CVSS4.6AI score0.00884EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/16 4:15 p.m.•53 views

Command injection

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issue...

7.5CVSS8.6AI score0.99571EPSS
Exploits28References1Affected Software1
Prion
Prion
•added 2023/09/01 11:15 a.m.•53 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

4CVSS4.5AI score0.00711EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/19 6:15 a.m.•53 views

Default credentials

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...

6.8CVSS8.5AI score0.02161EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/06/22 11:15 p.m.•53 views

Design/Logic Flaw

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...

3.2CVSS6.7AI score0.01395EPSS
Exploits1References11Affected Software4
Prion
Prion
•added 2023/03/15 4:15 a.m.•53 views

Directory traversal

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

7.5CVSS9.4AI score0.01545EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/02/06 7:15 p.m.•53 views

Design/Logic Flaw

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246...

4CVSS9.2AI score0.01103EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•53 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•53 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/03/04 7:15 p.m.•53 views

Design/Logic Flaw

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

7.1CVSS8AI score0.11586EPSS
Exploits1References10Affected Software12
Prion
Prion
•added 2022/01/01 6:15 a.m.•53 views

Code injection

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

5CVSS7.5AI score0.02931EPSS
Exploits1References6Affected Software7
Prion
Prion
•added 2021/09/15 10:15 p.m.•53 views

Authentication flaw

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

10CVSS9.5AI score0.99871EPSS
Exploits12References3Affected Software19
Prion
Prion
•added 2021/07/15 5:15 p.m.•53 views

Security feature bypass

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5CVSS6.1AI score0.99298EPSS
Exploits11References38Affected Software12
Prion
Prion
•added 2018/09/12 11:29 p.m.•53 views

Design/Logic Flaw

Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473...

4.3CVSS6AI score0.02273EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2017/12/07 4:29 p.m.•53 views

Buffer overflow

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

4.3CVSS5.9AI score0.83645EPSS
Exploits1References27Affected Software3
Prion
Prion
•added 2016/09/28 10:59 a.m.•53 views

Design/Logic Flaw

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

7.8CVSS6.9AI score0.89482EPSS
Exploits7References17Affected Software5
Prion
Prion
•added 2016/06/27 10:59 a.m.•53 views

Race condition

Race condition in the vopioctl function in drivers/misc/mic/vop/vopvringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service memory corruption and system crash by changing a certain header, ak...

5.4CVSS6.7AI score0.00404EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2015/01/09 2:59 a.m.•53 views

Memory corruption

Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service memory consumption by sending many duplicate records for the next epoch, leading to failure of replay detection...

5CVSS7AI score0.59319EPSS
Exploits0References31Affected Software1
Prion
Prion
•added 2014/01/08 4:55 p.m.•53 views

Information disclosure

The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2...

4.9CVSS5.6AI score0.0048EPSS
Exploits0References19Affected Software1
Prion
Prion
•added 2012/06/07 10:55 p.m.•53 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

10CVSS8.4AI score0.98113EPSS
Exploits13References22Affected Software1
Prion
Prion
•added 2024/12/31 1:15 p.m.•52 views

CVE-2024-56064

Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3...

0.14488EPSS
Exploits2References1
Prion
Prion
•added 2024/03/11 4:15 p.m.•52 views

Out-of-bounds

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

4.3CVSS7.9AI score0.00604EPSS
Exploits0References1
Prion
Prion
•added 2023/08/14 11:15 p.m.•52 views

Default credentials

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution...

6.8CVSS8.3AI score0.03213EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2023/08/08 6:15 p.m.•52 views

Input validation

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access...

7.5CVSS9.6AI score0.01056EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/20 3:15 p.m.•52 views

Type confusion

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5CVSS6AI score0.62606EPSS
Exploits0References11Affected Software4
Prion
Prion
•added 2023/07/18 11:15 p.m.•52 views

Remote code execution

This High severity RCE Remote Code Execution vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high...

4.6CVSS8.8AI score0.02185EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/07/14 10:15 p.m.•52 views

Command injection

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

7.5CVSS6.9AI score0.12996EPSS
Exploits9References1Affected Software1
Prion
Prion
•added 2023/05/31 7:15 p.m.•52 views

Privilege escalation

Windows Digital Media Receiver Elevation of Privilege Vulnerability...

4.3CVSS7.6AI score0.00545EPSS
Exploits0References1Affected Software7
Prion
Prion
•added 2023/03/06 11:15 p.m.•52 views

Design/Logic Flaw

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...

4.3CVSS7.3AI score0.00238EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2023/01/18 12:15 a.m.•52 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/05 4:15 p.m.•52 views

Out-of-bounds

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet...

7.5CVSS9.5AI score0.01255EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•52 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.7CVSS6.2AI score0.01027EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/08/25 6:15 p.m.•52 views

Authentication flaw

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...

2.6CVSS6.5AI score0.01501EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/07/28 6:15 a.m.•52 views

Design/Logic Flaw

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

7.5CVSS9.4AI score0.01659EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/02/09 11:15 p.m.•52 views

Design/Logic Flaw

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

5CVSS7.2AI score0.08325EPSS
Exploits1References7Affected Software4
Prion
Prion
•added 2021/10/11 4:15 p.m.•52 views

Design/Logic Flaw

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.4CVSS7.2AI score0.00111EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/07/21 3:15 p.m.•52 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

4.9CVSS5.6AI score0.01879EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/05/14 8:15 p.m.•52 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

2.1CVSS5.4AI score0.00189EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000