Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/04/29 1:15 a.m.•48 views

Authentication flaw

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record...

5CVSS7.4AI score0.11296EPSS
Exploits0References12Affected Software5
Prion
Prion
•added 2021/03/03 12:15 a.m.•48 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.8CVSS8AI score0.99946EPSS
Exploits30References3Affected Software1
Prion
Prion
•added 2020/08/10 2:15 p.m.•48 views

Server side request forgery (ssrf)

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...

6.5CVSS8.5AI score0.01158EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/07/15 6:15 p.m.•48 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.9AI score0.02154EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2020/05/20 7:15 p.m.•48 views

Deserialization of untrusted data

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...

4.4CVSS7.3AI score0.56636EPSS
Exploits15References42Affected Software26
Prion
Prion
•added 2020/04/09 3:15 a.m.•48 views

Design/Logic Flaw

SQLite through 3.31.1 allows attackers to cause a denial of service segmentation fault via a malformed window-function query because the AggInfo object's initialization is mishandled...

5CVSS7.3AI score0.04856EPSS
Exploits1References14Affected Software17
Prion
Prion
•added 2020/02/24 2:15 p.m.•48 views

Command injection

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

7.2CVSS7.7AI score0.00495EPSS
Exploits0References20Affected Software8
Prion
Prion
•added 2019/10/16 6:15 p.m.•48 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.5CVSS4.4AI score0.02985EPSS
Exploits0References9Affected Software5
Prion
Prion
•added 2019/10/16 6:15 p.m.•48 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS6.1AI score0.02653EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2019/06/19 11:15 p.m.•48 views

Out-of-bounds

BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...

7.5CVSS9.3AI score0.08042EPSS
Exploits0References23Affected Software6
Prion
Prion
•added 2018/08/18 2:29 a.m.•48 views

Sql injection

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...

7.5CVSS9.4AI score0.02611EPSS
Exploits2References3Affected Software2
Prion
Prion
•added 2018/05/09 7:29 p.m.•48 views

Remote code execution

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

7.6CVSS8AI score0.87814EPSS
Exploits9References4Affected Software5
Prion
Prion
•added 2018/04/06 1:29 p.m.•48 views

Input validation

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

6CVSS8.3AI score0.02831EPSS
Exploits0References10Affected Software25
Prion
Prion
•added 2017/10/05 1:29 a.m.•48 views

Heap overflow

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...

4.3CVSS6.3AI score0.03875EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2017/05/17 11:29 p.m.•48 views

Sql injection

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS9.7AI score0.99826EPSS
Exploits21References5Affected Software1
Prion
Prion
•added 2017/04/04 5:59 p.m.•48 views

Design/Logic Flaw

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

2.1CVSS5.2AI score0.00419EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2017/03/17 12:59 a.m.•48 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References12Affected Software1
Prion
Prion
•added 2017/03/17 12:59 a.m.•48 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References10Affected Software1
Prion
Prion
•added 2014/12/10 3:59 p.m.•48 views

Integer overflow

Multiple integer overflows in X.Org X Window System aka X11 or X X11R1 and X.Org Server aka xserver and xorg-server before 1.16.3 allow remote authenticated users to cause a denial of service crash or possibly execute arbitrary code via a crafted request to the 1 ProcPutImage, 2 GetHosts, 3...

6.5CVSS8AI score0.04373EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2014/11/11 10:55 p.m.•48 views

Memory corruption

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342...

9.3CVSS7.8AI score0.15682EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2014/09/10 1:55 a.m.•48 views

Memory corruption

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065,...

9.3CVSS7.6AI score0.3125EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2013/07/04 9:55 p.m.•48 views

Design/Logic Flaw

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux RHEL 6 allows local users to cause a denial of service invalid free operation and system crash or possibly gain privileges via a sendmsg system call with the IPRETOPTS option, as demonstrated by hemlock.c. NOTE: this...

6.9CVSS6AI score0.0285EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2011/03/02 8:0 p.m.•48 views

Code injection

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as...

4CVSS6.4AI score0.32357EPSS
Exploits11References9Affected Software4
Prion
Prion
•added 2009/04/06 9:30 p.m.•48 views

Sql injection

SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter...

7.5CVSS9.1AI score0.01003EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2007/07/27 10:30 p.m.•48 views

Cross site scripting

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which...

4.3CVSS8.7AI score0.29355EPSS
Exploits3References4Affected Software2
Prion
Prion
•added 2024/03/15 12:17 a.m.•47 views

Improper access control

Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts...

7.6AI score0.00842EPSS
Exploits1References2
Prion
Prion
•added 2024/03/06 5:15 p.m.•47 views

Buffer overflow

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

4.7CVSS8.4AI score0.00793EPSS
Exploits0References1
Prion
Prion
•added 2024/03/04 1:15 a.m.•47 views

Sql injection

A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file adminclass.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS6.9AI score0.00556EPSS
Exploits0References3
Prion
Prion
•added 2024/02/17 5:15 a.m.•47 views

Authentication flaw

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.4CVSS7.4AI score0.0068EPSS
Exploits0References4
Prion
Prion
•added 2024/01/16 5:15 a.m.•47 views

Template injection

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

7.5CVSS9.7AI score0.99984EPSS
Exploits32References3Affected Software2
Prion
Prion
•added 2023/12/15 11:15 a.m.•47 views

Remote code execution

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

7.5CVSS8.5AI score0.97846EPSS
Exploits14References8Affected Software1
Prion
Prion
•added 2023/11/30 1:15 p.m.•47 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0...

4.3CVSS6.9AI score0.00427EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/11/20 9:15 a.m.•47 views

Design/Logic Flaw

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

7.5CVSS7.2AI score0.99615EPSS
Exploits8References3Affected Software1
Prion
Prion
•added 2023/11/14 9:15 p.m.•47 views

Open redirect

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

6.4CVSS7AI score0.00827EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/09/20 5:15 p.m.•47 views

Code injection

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4CVSS4.7AI score0.03388EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/15 8:15 p.m.•47 views

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

5CVSS5.6AI score0.01069EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2023/08/24 5:15 p.m.•47 views

Design/Logic Flaw

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

6.8CVSS8.5AI score0.0041EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/15 4:15 p.m.•47 views

Authentication flaw

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier...

7.5CVSS8.3AI score0.99999EPSS
Exploits14References1Affected Software1
Prion
Prion
•added 2023/08/08 6:15 p.m.•47 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

4.3CVSS8.5AI score0.05991EPSS
Exploits0References2Affected Software8
Prion
Prion
•added 2023/07/21 3:15 p.m.•47 views

Design/Logic Flaw

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

7.5CVSS9.7AI score0.97924EPSS
Exploits36References6Affected Software1
Prion
Prion
•added 2023/05/12 4:15 p.m.•47 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SnapOrbital Panorama plugin = 1.5 versions...

4.3CVSS4.8AI score0.00392EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/04/17 10:15 p.m.•47 views

Design/Logic Flaw

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service DoS. In a BGP rib sharding scenario, when an attribute of an active BG...

5CVSS7.4AI score0.00644EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2023/03/28 3:15 p.m.•47 views

Design/Logic Flaw

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

5CVSS6.2AI score0.01625EPSS
Exploits0References10Affected Software1
Prion
Prion
•added 2023/02/08 8:15 p.m.•47 views

Design/Logic Flaw

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

5CVSS7.7AI score0.04494EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2023/01/17 11:15 p.m.•47 views

Integer overflow

Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this...

7.5CVSS9.6AI score0.56334EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/01/17 8:15 p.m.•47 views

Design/Logic Flaw

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

5CVSS8AI score0.03546EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/01/13 12:15 a.m.•47 views

Design/Logic Flaw

DISPUTED An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."...

5CVSS7.4AI score0.06237EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2022/11/09 10:15 p.m.•47 views

Privilege escalation

Windows Kerberos Elevation of Privilege Vulnerability...

5.8CVSS7.3AI score0.04488EPSS
Exploits0References2Affected Software4
Prion
Prion
•added 2022/10/18 9:15 p.m.•47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS4.9AI score0.0117EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/08/29 5:15 p.m.•47 views

Cross site scripting

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

5.8CVSS7.1AI score0.01208EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000