Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2023/12/14 6:15 p.m.•51 views

Design/Logic Flaw

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...

5CVSS6.9AI score0.57627EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2023/12/12 5:15 p.m.•51 views

Design/Logic Flaw

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

4CVSS6.6AI score0.00628EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/12/06 7:15 a.m.•52 views

Design/Logic Flaw

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

3.2CVSS6.7AI score0.00373EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2023/09/20 9:15 p.m.•51 views

Information disclosure

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

5CVSS7.3AI score0.30806EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2023/08/19 6:15 a.m.•51 views

Path traversal

Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...

3.3CVSS6.7AI score0.00333EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/04/29 12:15 a.m.•51 views

Default configuration

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

5.1CVSS7.7AI score0.01742EPSS
Exploits0References10Affected Software1
Prion
Prion
•added 2023/03/15 4:15 a.m.•51 views

Directory traversal

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

7.5CVSS9.4AI score0.01545EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2023/03/06 11:15 p.m.•51 views

Design/Logic Flaw

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...

4.3CVSS7.3AI score0.00238EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2023/01/18 12:15 a.m.•51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/02/09 11:15 p.m.•51 views

Design/Logic Flaw

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

5CVSS7.2AI score0.08325EPSS
Exploits1References7Affected Software4
Prion
Prion
•added 2021/10/11 4:15 p.m.•51 views

Design/Logic Flaw

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

4.4CVSS7.2AI score0.00111EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/05/14 8:15 p.m.•51 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

2.1CVSS5.4AI score0.00189EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/03/01 12:15 p.m.•51 views

Design/Logic Flaw

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

4.4CVSS7.4AI score0.56636EPSS
Exploits15References18Affected Software12
Prion
Prion
•added 2021/01/20 5:15 p.m.•51 views

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

4.3CVSS3.9AI score0.04873EPSS
Exploits2References7Affected Software4
Prion
Prion
•added 2021/01/20 4:15 p.m.•51 views

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...

4.3CVSS4AI score0.04873EPSS
Exploits2References8Affected Software4
Prion
Prion
•added 2020/10/21 3:15 p.m.•51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4CVSS4.9AI score0.02336EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2020/10/21 3:15 p.m.•51 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.8CVSS6.2AI score0.03012EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2020/04/02 6:15 p.m.•51 views

Command injection

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users including admins to enable arbitrary command execution...

6.8CVSS8.8AI score0.2247EPSS
Exploits5References2Affected Software1
Prion
Prion
•added 2019/12/06 6:15 p.m.•51 views

Buffer overflow

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5CVSS5.5AI score0.14298EPSS
Exploits0References24Affected Software9
Prion
Prion
•added 2019/07/08 1:15 a.m.•51 views

Directory traversal

DISPUTED The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. This also affects old 3.x releases before 3.5. NOTE: the vendor's position is that it is the user's responsibility to ensure...

9.3CVSS7.5AI score0.01261EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2018/12/23 11:29 p.m.•51 views

Integer overflow

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

5CVSS8AI score0.05789EPSS
Exploits1References15Affected Software3
Prion
Prion
•added 2018/06/19 12:29 p.m.•51 views

Denial of service

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.ISLINEJUNK method. An attacker could use this flaw to cause denial of service...

5CVSS7.6AI score0.04979EPSS
Exploits0References21Affected Software8
Prion
Prion
•added 2017/08/08 9:29 p.m.•51 views

Xxe

XML External Entity XXE vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document...

5.8CVSS7.3AI score0.1162EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2017/06/19 4:29 a.m.•51 views

Buffer overflow

The ieeeobjectp function in bfd/ieee.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as...

6.8CVSS8.1AI score0.07859EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2017/03/17 12:59 a.m.•51 views

Memory corruption

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and...

7.6CVSS6.6AI score0.80386EPSS
Exploits9References3Affected Software1
Prion
Prion
•added 2013/03/07 3:55 p.m.•51 views

Integer overflow

The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...

6.1CVSS6.7AI score0.01269EPSS
Exploits0References12Affected Software3
Prion
Prion
•added 2013/01/13 10:55 p.m.•51 views

Design/Logic Flaw

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS6.8AI score0.05673EPSS
Exploits4References12Affected Software3
Prion
Prion
•added 2012/05/11 10:15 a.m.•51 views

Design/Logic Flaw

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

5CVSS7.2AI score0.99998EPSS
Exploits42References8Affected Software1
Prion
Prion
•added 2008/09/25 7:25 p.m.•51 views

Cross site request forgery (csrf)

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI...

7.5CVSS7.7AI score0.04045EPSS
Exploits1References15Affected Software3
Prion
Prion
•added 2007/04/25 4:19 p.m.•51 views

Design/Logic Flaw

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...

5CVSS6.6AI score0.03671EPSS
Exploits1References7Affected Software1
Prion
Prion
•added 2024/03/11 10:15 p.m.•50 views

Code injection

Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...

5CVSS5.3AI score0.00664EPSS
Exploits1References4
Prion
Prion
•added 2024/02/29 1:43 a.m.•50 views

Design/Logic Flaw

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

5CVSS7AI score0.00598EPSS
Exploits0References7
Prion
Prion
•added 2024/02/28 12:15 a.m.•50 views

Code injection

Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing...

5CVSS7.1AI score0.00553EPSS
Exploits1References2
Prion
Prion
•added 2024/01/24 12:15 a.m.•50 views

Design/Logic Flaw

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

4CVSS6.9AI score0.6005EPSS
Exploits1References7Affected Software1
Prion
Prion
•added 2023/11/03 9:15 a.m.•50 views

Input validation

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

5CVSS7.5AI score0.00764EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/10/26 10:15 a.m.•50 views

Server side request forgery (ssrf)

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

6.5CVSS8.6AI score0.00694EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2023/09/28 2:15 p.m.•50 views

Buffer overflow

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data...

4.3CVSS7.6AI score0.00175EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/18 9:15 p.m.•50 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

1.7CVSS4.6AI score0.01485EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2023/07/13 3:15 p.m.•50 views

Null pointer dereference

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

6.5CVSS8.7AI score0.4292EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2023/03/31 8:15 p.m.•50 views

Server side request forgery (ssrf)

request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/baskets/name. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

4.7CVSS6.1AI score0.07497EPSS
Exploits29References6Affected Software1
Prion
Prion
•added 2023/01/08 3:15 p.m.•50 views

Authentication flaw

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user...

7.5CVSS9.4AI score0.00632EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/13 7:15 p.m.•50 views

Remote code execution

PowerShell Remote Code Execution Vulnerability...

4.6CVSS8.5AI score0.61605EPSS
Exploits4References1Affected Software5
Prion
Prion
•added 2022/10/18 9:15 p.m.•50 views

Code injection

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell...

3CVSS3.5AI score0.0042EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•50 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

3.3CVSS4.8AI score0.0117EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•50 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS6.2AI score0.01196EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/07/28 6:15 a.m.•50 views

Design/Logic Flaw

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

7.5CVSS9.4AI score0.01659EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/03/14 11:15 a.m.•50 views

Design/Logic Flaw

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

7.5CVSS9.5AI score0.28189EPSS
Exploits0References16Affected Software7
Prion
Prion
•added 2022/03/10 5:42 p.m.•50 views

Authentication flaw

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

4CVSS6.8AI score0.04675EPSS
Exploits1References8Affected Software16
Prion
Prion
•added 2022/02/18 3:15 p.m.•50 views

Cross site scripting

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

4.3CVSS6.4AI score0.01456EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000