Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2019/10/29 7:15 p.m.49 views

Directory traversal

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory...

7.5CVSS9.3AI score0.01866EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/07/13 9:15 p.m.49 views

Design/Logic Flaw

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5CVSS7AI score0.0388EPSS
Exploits1References18Affected Software1
Prion
Prion
added 2019/03/26 5:29 p.m.49 views

Design/Logic Flaw

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1allparms parameter, and...

6.5CVSS8.7AI score0.12503EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2019/03/21 4:1 p.m.49 views

Denial of service

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server based on gSOAP 2.8.x is configured for an iterative queueing approach aka non-threaded operation with a timeout of several seconds...

5CVSS7.4AI score0.13776EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2019/01/16 7:30 p.m.49 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

4CVSS6.1AI score0.0436EPSS
Exploits0References9Affected Software12
Prion
Prion
added 2017/10/04 1:29 a.m.49 views

Code injection

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

6.8CVSS7.6AI score0.99988EPSS
Exploits23References44Affected Software1
Prion
Prion
added 2017/03/07 4:59 p.m.49 views

Integer overflow

Integer truncation error in the amapalloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value...

7.2CVSS7.7AI score0.00596EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2015/01/28 7:59 p.m.49 views

Heap overflow

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS8.6AI score0.94859EPSS
Exploits29References90Affected Software18
Prion
Prion
added 2013/02/19 11:55 p.m.49 views

Design/Logic Flaw

Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a...

9.3CVSS8.1AI score0.0442EPSS
Exploits0References11Affected Software13
Prion
Prion
added 2009/08/26 2:24 p.m.49 views

Sql injection

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to vote.php, which is not properly handled in libs/link.php; 2 id parameter to trackback.php; 3 an unspecified parameter to submit.php; 4 requestTitle...

7.5CVSS9.2AI score0.02098EPSS
Exploits1References15Affected Software1
Prion
Prion
added 2007/05/10 12:19 a.m.49 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a hash in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and 1 whstart.js...

4.3CVSS6.1AI score0.05556EPSS
Exploits0References9Affected Software2
Prion
Prion
added 2006/04/11 12:2 a.m.49 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party ALP, allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including 1 ase.php, 2 devi.php, 3 doom3.php,...

7.5CVSS7.8AI score0.07481EPSS
Exploits2References40Affected Software1
Prion
Prion
added 2024/03/12 8:15 p.m.48 views

Design/Logic Flaw

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...

5.5CVSS6.9AI score0.00554EPSS
Exploits1References2
Prion
Prion
added 2024/03/11 6:15 p.m.48 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...

7AI score0.00291EPSS
Exploits0References3
Prion
Prion
added 2024/02/09 6:15 p.m.48 views

Design/Logic Flaw

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

6.5CVSS7.4AI score0.8384EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2024/01/28 3:15 a.m.48 views

Crlf injection

An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

7.5CVSS8.3AI score0.01808EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/09/27 3:19 p.m.48 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Qode Interactive Bridge Core plugin = 3.0.9 versions...

5.8CVSS6AI score0.00323EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/22 7:16 p.m.48 views

Stack overflow

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution...

7.5CVSS9.7AI score0.02979EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/07/19 6:15 p.m.48 views

Remote code execution

Unauthenticated remote code execution...

7.5CVSS9.8AI score0.99445EPSS
Exploits16References2Affected Software2
Prion
Prion
added 2023/06/08 2:15 a.m.48 views

Authentication flaw

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

7.5CVSS9.7AI score0.42814EPSS
Exploits5References8Affected Software1
Prion
Prion
added 2023/05/04 9:15 p.m.48 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin = 3.1.5 versions...

5.8CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/18 8:15 p.m.48 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.01128EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/12 5:15 p.m.48 views

Race condition

A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition...

2.4CVSS6.2AI score0.00111EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/30 5:15 a.m.48 views

Design/Logic Flaw

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5CVSS5.3AI score0.01695EPSS
Exploits1References7Affected Software2
Prion
Prion
added 2023/02/14 8:15 p.m.48 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.5CVSS8.7AI score0.8202EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/18 12:15 a.m.48 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.2CVSS5.9AI score0.01471EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/01 6:15 a.m.48 views

Path traversal

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

1.7CVSS3.5AI score0.00702EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/09/28 2:15 p.m.48 views

Design/Logic Flaw

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

2.6CVSS4AI score0.01746EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/03/28 6:15 p.m.48 views

Cross site scripting

The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the aysfbtab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.2AI score0.00788EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/14 11:15 a.m.48 views

Integer overflow

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

5.8CVSS9.5AI score0.41861EPSS
Exploits0References16Affected Software7
Prion
Prion
added 2022/03/10 5:44 p.m.48 views

Design/Logic Flaw

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.2CVSS7.7AI score0.88106EPSS
Exploits100References10Affected Software20
Prion
Prion
added 2021/07/02 10:15 p.m.48 views

Remote code execution

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

9CVSS9.1AI score0.99759EPSS
Exploits75References2Affected Software15
Prion
Prion
added 2021/04/29 1:15 a.m.48 views

Authentication flaw

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record...

5CVSS7.4AI score0.11296EPSS
Exploits0References12Affected Software5
Prion
Prion
added 2021/04/22 10:15 p.m.48 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.9AI score0.04643EPSS
Exploits0References10Affected Software3
Prion
Prion
added 2021/02/09 4:15 p.m.48 views

Heap overflow

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.19815EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2020/11/09 1:15 a.m.48 views

Remote code execution

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...

9CVSS8.9AI score0.0552EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/08/10 2:15 p.m.48 views

Server side request forgery (ssrf)

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...

6.5CVSS8.5AI score0.01158EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/05/26 6:15 p.m.48 views

Design/Logic Flaw

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...

7.5CVSS8.8AI score0.02714EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2020/04/09 3:15 a.m.48 views

Design/Logic Flaw

SQLite through 3.31.1 allows attackers to cause a denial of service segmentation fault via a malformed window-function query because the AggInfo object's initialization is mishandled...

5CVSS7.3AI score0.04856EPSS
Exploits1References14Affected Software17
Prion
Prion
added 2019/08/09 8:15 p.m.48 views

Session fixation

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options...

5CVSS8.5AI score0.23354EPSS
Exploits2References9Affected Software11
Prion
Prion
added 2019/07/23 11:15 p.m.48 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.0377EPSS
Exploits0References12Affected Software11
Prion
Prion
added 2019/06/19 11:15 p.m.48 views

Out-of-bounds

BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...

7.5CVSS9.3AI score0.08042EPSS
Exploits0References23Affected Software6
Prion
Prion
added 2018/08/18 2:29 a.m.48 views

Sql injection

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

7.5CVSS9.4AI score0.02611EPSS
Exploits2References3Affected Software2
Prion
Prion
added 2018/08/02 3:29 p.m.48 views

Integer overflow

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a long string because of an Integer overflow in mysqlirealescapestring...

7.5CVSS9.9AI score0.07562EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/04/06 1:29 p.m.48 views

Input validation

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

6CVSS8.3AI score0.02831EPSS
Exploits0References10Affected Software25
Prion
Prion
added 2018/02/15 2:29 a.m.48 views

Privilege escalation

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are...

4.6CVSS5.8AI score0.02131EPSS
Exploits1References3Affected Software5
Prion
Prion
added 2017/11/15 3:29 a.m.48 views

Security feature bypass

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security...

4.3CVSS4.8AI score0.07245EPSS
Exploits1References3
Prion
Prion
added 2017/10/05 1:29 a.m.48 views

Heap overflow

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...

4.3CVSS6.3AI score0.03875EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2016/10/25 2:31 p.m.48 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.9AI score0.04313EPSS
Exploits17
Prion
Prion
added 2014/11/11 10:55 p.m.48 views

Memory corruption

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342...

9.3CVSS7.8AI score0.15682EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000