Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2017/10/04 1:29 a.m.52 views

Code injection

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

6.8CVSS7.6AI score0.99988EPSS
Exploits23References44Affected Software1
Prion
Prion
added 2017/03/17 12:59 a.m.52 views

Memory corruption

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and...

7.6CVSS6.6AI score0.80386EPSS
Exploits9References3Affected Software1
Prion
Prion
added 2016/09/28 10:59 a.m.52 views

Design/Logic Flaw

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

7.8CVSS6.9AI score0.89482EPSS
Exploits7References17Affected Software5
Prion
Prion
added 2016/06/09 4:59 p.m.52 views

Heap overflow

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service heap-based buffer underread and application crash via a crafted file, involving xmlParseName...

5CVSS6.8AI score0.1398EPSS
Exploits1References27Affected Software11
Prion
Prion
added 2015/01/09 2:59 a.m.52 views

Memory corruption

Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service memory consumption by sending many duplicate records for the next epoch, leading to failure of replay detection...

5CVSS7AI score0.59319EPSS
Exploits0References31Affected Software1
Prion
Prion
added 2012/05/11 10:15 a.m.52 views

Design/Logic Flaw

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

5CVSS7.2AI score0.99998EPSS
Exploits42References8Affected Software1
Prion
Prion
added 2009/08/11 10:30 a.m.52 views

Null pointer dereference

The pftestrule function in OpenBSD Packet Filter PF, as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service panic via crafted IP packets that trigger a NULL pointer dereference during...

7.8CVSS7.2AI score0.09523EPSS
Exploits0References12Affected Software4
Prion
Prion
added 2007/11/07 11:46 p.m.52 views

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing 1 Poly type 0x0070 through 0x0074 and 2 PackBitsRgn field 0x0099 opcodes in a PICT image...

9.3CVSS8AI score0.46662EPSS
Exploits0References16Affected Software2
Prion
Prion
added 2024/12/31 1:15 p.m.51 views

CVE-2024-56064

Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3...

0.14488EPSS
Exploits2References1
Prion
Prion
added 2024/03/14 10:53 p.m.51 views

Code injection

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

6.9AI score0.0098EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/03/11 4:15 p.m.51 views

Out-of-bounds

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

4.3CVSS7.9AI score0.00604EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:44 a.m.51 views

Design/Logic Flaw

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

2.1CVSS6.8AI score0.00387EPSS
Exploits0References3
Prion
Prion
added 2024/01/19 11:15 a.m.51 views

Information disclosure

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue...

5CVSS6.9AI score0.14286EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2023/12/14 6:15 p.m.51 views

Design/Logic Flaw

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...

5CVSS6.9AI score0.57627EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2023/12/12 5:15 p.m.51 views

Design/Logic Flaw

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

4CVSS6.6AI score0.00628EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/06 7:15 a.m.52 views

Design/Logic Flaw

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

3.2CVSS6.7AI score0.00376EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/09/20 9:15 p.m.51 views

Information disclosure

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

5CVSS7.3AI score0.30806EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2023/08/19 6:15 a.m.51 views

Path traversal

Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...

3.3CVSS6.7AI score0.00333EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/07/13 3:15 p.m.51 views

Null pointer dereference

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

6.5CVSS8.7AI score0.4292EPSS
Exploits1References4Affected Software2
Prion
Prion
added 2023/04/29 12:15 a.m.51 views

Default configuration

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

5.1CVSS7.7AI score0.01742EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2023/03/31 8:15 p.m.51 views

Server side request forgery (ssrf)

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

4.7CVSS6.1AI score0.07497EPSS
Exploits29References6Affected Software1
Prion
Prion
added 2023/01/18 12:15 a.m.51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/12/13 7:15 p.m.51 views

Remote code execution

PowerShell Remote Code Execution Vulnerability...

4.6CVSS8.5AI score0.61605EPSS
Exploits4References1Affected Software5
Prion
Prion
added 2022/10/18 9:15 p.m.51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

3.3CVSS4.8AI score0.0117EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/07/28 6:15 a.m.51 views

Design/Logic Flaw

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

7.5CVSS9.4AI score0.01659EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/18 3:15 p.m.51 views

Cross site scripting

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

4.3CVSS6.4AI score0.01456EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/10/13 1:15 a.m.51 views

Information disclosure

.NET Core and Visual Studio Information Disclosure Vulnerability...

2.9CVSS5.4AI score0.20342EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2021/10/11 4:15 p.m.51 views

Design/Logic Flaw

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.4CVSS7.2AI score0.00111EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/21 3:15 p.m.51 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

4.9CVSS5.6AI score0.01879EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2020/10/21 3:15 p.m.51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4CVSS4.9AI score0.02336EPSS
Exploits0References6Affected Software3
Prion
Prion
added 2020/04/15 2:15 p.m.51 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t...

4.3CVSS5.5AI score0.03306EPSS
Exploits0References7Affected Software4
Prion
Prion
added 2020/04/02 6:15 p.m.51 views

Command injection

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users including admins to enable arbitrary command execution...

6.8CVSS8.8AI score0.2247EPSS
Exploits5References2Affected Software1
Prion
Prion
added 2019/12/06 6:15 p.m.51 views

Buffer overflow

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5CVSS5.5AI score0.14298EPSS
Exploits0References24Affected Software9
Prion
Prion
added 2019/10/29 7:15 p.m.51 views

Directory traversal

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory...

7.5CVSS9.3AI score0.01866EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/10/16 6:15 p.m.51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.03726EPSS
Exploits0References9Affected Software5
Prion
Prion
added 2019/07/13 9:15 p.m.51 views

Design/Logic Flaw

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5CVSS7AI score0.0388EPSS
Exploits1References18Affected Software1
Prion
Prion
added 2019/07/08 1:15 a.m.51 views

Directory traversal

DISPUTED The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. This also affects old 3.x releases before 3.5. NOTE: the vendor's position is that it is the user's responsibility to ensure...

9.3CVSS7.5AI score0.01261EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/12/23 11:29 p.m.51 views

Integer overflow

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

5CVSS8AI score0.05789EPSS
Exploits1References15Affected Software3
Prion
Prion
added 2018/01/10 3:29 p.m.51 views

Design/Logic Flaw

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

5.8CVSS5.9AI score0.02712EPSS
Exploits0References11Affected Software1
Prion
Prion
added 2017/08/08 9:29 p.m.51 views

Xxe

XML External Entity XXE vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document...

5.8CVSS7.3AI score0.1162EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/06/19 4:29 a.m.51 views

Buffer overflow

The ieeeobjectp function in bfd/ieee.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as...

6.8CVSS8.1AI score0.07859EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2016/01/31 6:59 p.m.51 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10CVSS8.6AI score0.05992EPSS
Exploits0References30Affected Software5
Prion
Prion
added 2013/11/08 4:47 a.m.51 views

Information disclosure

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network...

4.3CVSS6.6AI score0.02626EPSS
Exploits1References8Affected Software3
Prion
Prion
added 2013/03/07 3:55 p.m.51 views

Integer overflow

The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...

6.1CVSS6.7AI score0.01269EPSS
Exploits0References12Affected Software3
Prion
Prion
added 2013/01/13 10:55 p.m.51 views

Design/Logic Flaw

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS6.8AI score0.05673EPSS
Exploits4References12Affected Software3
Prion
Prion
added 2008/09/25 7:25 p.m.51 views

Cross site request forgery (csrf)

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI...

7.5CVSS7.7AI score0.04045EPSS
Exploits1References15Affected Software3
Prion
Prion
added 2007/04/25 4:19 p.m.51 views

Design/Logic Flaw

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...

5CVSS6.6AI score0.03671EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2024/03/11 10:15 p.m.50 views

Code injection

Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...

5CVSS5.3AI score0.00664EPSS
Exploits1References4
Prion
Prion
added 2024/02/29 1:43 a.m.50 views

Design/Logic Flaw

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

5CVSS7AI score0.00598EPSS
Exploits0References7
Prion
Prion
added 2024/02/28 12:15 a.m.50 views

Code injection

Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing...

5CVSS7.1AI score0.00553EPSS
Exploits1References2
Total number of security vulnerabilities5000