Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2023/07/18 9:15 p.m.49 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

3.6CVSS5.4AI score0.01152EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2023/07/11 6:15 p.m.49 views

Information disclosure

Windows Netlogon Information Disclosure Vulnerability...

4CVSS8AI score0.01024EPSS
Exploits0References1Affected Software9
Prion
Prion
added 2023/06/28 9:15 p.m.49 views

Design/Logic Flaw

D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts...

7.5CVSS9.5AI score0.01399EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/05/04 9:15 p.m.49 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin = 3.1.5 versions...

5.8CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/18 8:15 p.m.49 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.01128EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/30 5:15 a.m.49 views

Design/Logic Flaw

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5CVSS5.3AI score0.01695EPSS
Exploits1References7Affected Software2
Prion
Prion
added 2023/02/14 8:15 p.m.49 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.5CVSS8.7AI score0.8202EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/18 12:15 a.m.49 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.2CVSS5.9AI score0.01471EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/13 8:15 a.m.49 views

Integer overflow

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

6.8CVSS8.5AI score0.01237EPSS
Exploits1References8Affected Software6
Prion
Prion
added 2022/09/23 7:15 p.m.49 views

Privilege escalation

A privilege escalation vulnerability exists in Rocket.chat v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions...

4CVSS4.8AI score0.00647EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/06/17 1:15 p.m.49 views

Race condition

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or...

4.4CVSS9.1AI score0.99999EPSS
Exploits353References2Affected Software1
Prion
Prion
added 2022/04/19 9:15 p.m.49 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.5CVSS5AI score0.01509EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/04/19 9:15 p.m.49 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5CVSS4.7AI score0.02651EPSS
Exploits0References5Affected Software5
Prion
Prion
added 2022/03/10 5:44 p.m.49 views

Design/Logic Flaw

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.2CVSS7.7AI score0.88106EPSS
Exploits100References10Affected Software20
Prion
Prion
added 2021/04/22 10:15 p.m.49 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.9AI score0.04643EPSS
Exploits0References10Affected Software3
Prion
Prion
added 2021/02/09 4:15 p.m.49 views

Heap overflow

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.19815EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2020/11/09 1:15 a.m.49 views

Remote code execution

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components...

9CVSS8.9AI score0.0552EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/05/26 6:15 p.m.49 views

Design/Logic Flaw

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...

7.5CVSS8.8AI score0.02714EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2019/11/26 4:15 a.m.49 views

Code injection

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

5CVSS7.5AI score0.01122EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/09 8:15 p.m.49 views

Session fixation

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options...

5CVSS8.5AI score0.23354EPSS
Exploits2References9Affected Software11
Prion
Prion
added 2019/07/23 11:15 p.m.49 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.0377EPSS
Exploits0References12Affected Software11
Prion
Prion
added 2019/03/26 5:29 p.m.49 views

Design/Logic Flaw

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1allparms parameter, and...

6.5CVSS8.7AI score0.12503EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2019/03/21 4:1 p.m.49 views

Denial of service

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server based on gSOAP 2.8.x is configured for an iterative queueing approach aka non-threaded operation with a timeout of several seconds...

5CVSS7.4AI score0.13776EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2018/08/02 3:29 p.m.49 views

Integer overflow

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a long string because of an Integer overflow in mysqlirealescapestring...

7.5CVSS9.9AI score0.07562EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/02/15 2:29 a.m.49 views

Privilege escalation

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are...

4.6CVSS5.8AI score0.02131EPSS
Exploits1References3Affected Software5
Prion
Prion
added 2017/11/15 3:29 a.m.49 views

Security feature bypass

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security...

4.3CVSS4.8AI score0.07245EPSS
Exploits1References3
Prion
Prion
added 2017/03/07 4:59 p.m.49 views

Integer overflow

Integer truncation error in the amapalloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value...

7.2CVSS7.7AI score0.00596EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2016/10/25 2:31 p.m.49 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.9AI score0.04313EPSS
Exploits17
Prion
Prion
added 2015/01/28 7:59 p.m.49 views

Heap overflow

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS8.6AI score0.94859EPSS
Exploits29References90Affected Software18
Prion
Prion
added 2014/03/14 3:55 p.m.49 views

Sql injection

SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...

7.5CVSS8.8AI score0.61665EPSS
Exploits2References12Affected Software5
Prion
Prion
added 2007/05/10 12:19 a.m.49 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a hash in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and 1 whstart.js...

4.3CVSS6.1AI score0.05556EPSS
Exploits0References9Affected Software2
Prion
Prion
added 2024/03/12 8:15 p.m.48 views

Design/Logic Flaw

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...

5.5CVSS6.9AI score0.00554EPSS
Exploits1References2
Prion
Prion
added 2024/03/11 6:15 p.m.48 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...

7AI score0.00291EPSS
Exploits0References3
Prion
Prion
added 2024/02/09 6:15 p.m.48 views

Design/Logic Flaw

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

6.5CVSS7.4AI score0.8384EPSS
Exploits4References2Affected Software1
Prion
Prion
added 2024/01/28 3:15 a.m.48 views

Crlf injection

An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

7.5CVSS8.3AI score0.01808EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/09/27 3:19 p.m.48 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Qode Interactive Bridge Core plugin = 3.0.9 versions...

5.8CVSS6AI score0.00323EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/03 6:15 p.m.48 views

Path traversal

A path traversal vulnerability in Ivanti EPMM versions 11.10.x 11.10.0.3, 11.9.x 11.9.1.2 and 11.8.x 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance...

5.8CVSS8.1AI score0.63316EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/07/11 6:15 p.m.48 views

Privilege escalation

Windows Win32k Elevation of Privilege Vulnerability...

4.3CVSS8AI score0.00422EPSS
Exploits0References1Affected Software8
Prion
Prion
added 2023/07/03 5:15 p.m.48 views

Format string

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...

5CVSS5.2AI score0.00851EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/08 2:15 a.m.48 views

Authentication flaw

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

7.5CVSS9.7AI score0.42814EPSS
Exploits5References8Affected Software1
Prion
Prion
added 2023/04/12 5:15 p.m.48 views

Race condition

A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition...

2.4CVSS6.2AI score0.00111EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/18 12:15 a.m.48 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS5.1AI score0.00853EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/01 6:15 a.m.48 views

Path traversal

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

1.7CVSS3.5AI score0.00702EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/09/28 2:15 p.m.48 views

Design/Logic Flaw

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

2.6CVSS4AI score0.01746EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/08/18 7:15 p.m.48 views

Design/Logic Flaw

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

6CVSS7.7AI score0.0152EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2022/03/28 6:15 p.m.48 views

Cross site scripting

The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the aysfbtab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.2AI score0.00788EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/14 11:15 a.m.48 views

Integer overflow

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

5.8CVSS9.5AI score0.41861EPSS
Exploits0References16Affected Software7
Prion
Prion
added 2022/01/28 8:15 p.m.48 views

Privilege escalation

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.2CVSS8.4AI score0.94921EPSS
Exploits151References11Affected Software30
Prion
Prion
added 2021/12/14 12:15 p.m.48 views

Deserialization of untrusted data

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

6CVSS9.3AI score0.99999EPSS
Exploits352References14Affected Software38
Prion
Prion
added 2021/07/02 10:15 p.m.48 views

Remote code execution

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

9CVSS9.1AI score0.99759EPSS
Exploits75References2Affected Software15
Total number of security vulnerabilities5000