Prion • Most viewed

213680 matches found

Prion • added 2014/03/14 3:55 p.m. • 48 views

SQL injection

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname...

7.5 CVSS • 8.8 AI score • 0.61665 EPSS
Exploits 2 • References 12 • Affected Software 5

Prion • added 2013/07/04 9:55 p.m. • 48 views

Design/Logic Flaw

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this...

6.9 CVSS • 6 AI score • 0.0285 EPSS
Exploits 0 • References 5 • Affected Software 1

Prion • added 2011/03/02 8:0 p.m. • 48 views

Code injection

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as...

4 CVSS • 6.4 AI score • 0.32357 EPSS
Exploits 11 • References 9 • Affected Software 4

Prion • added 2009/04/06 9:30 p.m. • 48 views

SQL injection

SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter...

7.5 CVSS • 9.1 AI score • 0.01003 EPSS
Exploits 1 • References 5 • Affected Software 1

Prion • added 2007/07/27 10:30 p.m. • 48 views

Cross site scripting

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which...

4.3 CVSS • 8.7 AI score • 0.29355 EPSS
Exploits 3 • References 4 • Affected Software 2

Prion • added 2024/03/15 12:17 a.m. • 47 views

Improper access control

Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts...

7.6 AI score • 0.00842 EPSS
Exploits 1 • References 2

Prion • added 2024/03/06 5:15 p.m. • 47 views

Buffer overflow

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

4.7 CVSS • 8.4 AI score • 0.00793 EPSS
Exploits 0 • References 1

Prion • added 2024/02/17 5:15 a.m. • 47 views

Authentication flaw

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.4 CVSS • 7.4 AI score • 0.0068 EPSS
Exploits 0 • References 4

Prion • added 2024/01/16 5:15 a.m. • 47 views

Template injection

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

7.5 CVSS • 9.7 AI score • 0.99984 EPSS
Exploits 31 • References 3 • Affected Software 2

Prion • added 2023/12/15 11:15 a.m. • 47 views

Remote code execution

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

7.5 CVSS • 8.5 AI score • 0.97846 EPSS
Exploits 14 • References 8 • Affected Software 1

Prion • added 2023/11/30 1:15 p.m. • 47 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS. This issue affects Yoast SEO: from n/a through 21.0...

4.3 CVSS • 6.9 AI score • 0.00427 EPSS
Exploits 0 • References 1 • Affected Software 1

Prion • added 2023/11/20 9:15 a.m. • 47 views

Design/Logic Flaw

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471. Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

7.5 CVSS • 7.2 AI score • 0.99615 EPSS
Exploits 8 • References 3 • Affected Software 1

Prion • added 2023/11/14 9:15 p.m. • 47 views

Open redirect

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-Encoding (TE) header...

6.4 CVSS • 7 AI score • 0.00827 EPSS
Exploits 1 • References 2 • Affected Software 1

Prion • added 2023/09/20 5:15 p.m. • 47 views

Code injection

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4 CVSS • 4.7 AI score • 0.03388 EPSS
Exploits 0 • References 2 • Affected Software 1

Prion • added 2023/08/24 5:15 p.m. • 47 views

Design/Logic Flaw

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

6.8 CVSS • 8.5 AI score • 0.0041 EPSS
Exploits 0 • References 2 • Affected Software 1

Prion • added 2023/08/08 6:15 p.m. • 47 views

Privilege escalation

Windows Kernel Elevation of Privilege Vulnerability...

4.3 CVSS • 8.5 AI score • 0.05991 EPSS
Exploits 0 • References 2 • Affected Software 8

Prion • added 2023/08/03 6:15 p.m. • 47 views

Path traversal

A path traversal vulnerability in Ivanti EPMM versions 11.10.x 11.10.0.3, 11.9.x 11.9.1.2 and 11.8.x 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance...

5.8 CVSS • 8.1 AI score • 0.63316 EPSS
Exploits 0 • References 1 • Affected Software 1

Prion • added 2023/07/11 6:15 p.m. • 47 views

Privilege escalation

Windows Win32k Elevation of Privilege Vulnerability...

4.3 CVSS • 8 AI score • 0.00422 EPSS
Exploits 0 • References 1 • Affected Software 8

Prion • added 2023/07/03 5:15 p.m. • 47 views

Format string

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...

5 CVSS • 5.2 AI score • 0.0069 EPSS
Exploits 1 • References 4 • Affected Software 1

Prion • added 2023/05/12 4:15 p.m. • 47 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SnapOrbital Panorama plugin = 1.5 versions...

4.3 CVSS • 4.8 AI score • 0.00392 EPSS
Exploits 0 • References 1 • Affected Software 1

Prion • added 2023/04/17 10:15 p.m. • 47 views

Design/Logic Flaw

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BG...

5 CVSS • 7.4 AI score • 0.00644 EPSS
Exploits 0 • References 1 • Affected Software 2

Prion • added 2023/03/28 3:15 p.m. • 47 views

Design/Logic Flaw

The function X509_VERIFY_PARAM_add0_policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

5 CVSS • 6.2 AI score • 0.01625 EPSS
Exploits 0 • References 10 • Affected Software 1

Prion • added 2023/02/08 8:15 p.m. • 47 views

Design/Logic Flaw

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

5 CVSS • 7.7 AI score • 0.04494 EPSS
Exploits 0 • References 7 • Affected Software 2

Prion • added 2023/01/18 12:15 a.m. • 47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3 CVSS • 5.1 AI score • 0.00853 EPSS
Exploits 0 • References 1 • Affected Software 1

Prion • added 2023/01/17 11:15 p.m. • 47 views

Integer overflow

Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this...

7.5 CVSS • 9.6 AI score • 0.56334 EPSS
Exploits 0 • References 3 • Affected Software 1

Prion • added 2023/01/13 12:15 a.m. • 47 views

Design/Logic Flaw

DISPUTED An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."...

5 CVSS • 7.4 AI score • 0.06237 EPSS
Exploits 2 • References 3 • Affected Software 1

Prion • added 2022/10/18 9:15 p.m. • 47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3 CVSS • 4.9 AI score • 0.0117 EPSS
Exploits 0 • References 4 • Affected Software 1

Prion • added 2022/08/18 7:15 p.m. • 47 views

Design/Logic Flaw

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

6 CVSS • 7.7 AI score • 0.0152 EPSS
Exploits 0 • References 3 • Affected Software 3

Prion • added 2022/01/28 8:15 p.m. • 47 views

Privilege escalation

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.2 CVSS • 8.4 AI score • 0.94921 EPSS
Exploits 151 • References 11 • Affected Software 30

Prion • added 2021/12/14 12:15 p.m. • 47 views

Deserialization of untrusted data

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

6 CVSS • 9.3 AI score • 0.99999 EPSS
Exploits 350 • References 14 • Affected Software 38

Prion • added 2021/07/12 3:15 p.m. • 47 views

Design/Logic Flaw

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...

5 CVSS • 7.2 AI score • 0.06889 EPSS
Exploits 0 • References 7 • Affected Software 3

Prion • added 2021/06/17 2:15 p.m. • 47 views

SQL injection

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

4 CVSS • 5.2 AI score • 0.00622 EPSS
Exploits 0 • References 1 • Affected Software 1

Prion • added 2021/03/03 12:15 a.m. • 47 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.8 CVSS • 8 AI score • 0.99946 EPSS
Exploits 30 • References 3 • Affected Software 1

Prion • added 2021/01/26 9:15 p.m. • 47 views

Design/Logic Flaw

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

4.3 CVSS • 6.7 AI score • 0.01962 EPSS
Exploits 0 • References 4 • Affected Software 7

Prion • added 2020/12/08 8:15 p.m. • 47 views

Code injection

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files...

2.1 CVSS • 5.5 AI score • 0.00418 EPSS
Exploits 0 • References 9 • Affected Software 7

Prion • added 2020/07/15 6:15 p.m. • 47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4 CVSS • 4.9 AI score • 0.02154 EPSS
Exploits 0 • References 7 • Affected Software 3

Prion • added 2020/05/20 7:15 p.m. • 47 views

Deserialization of untrusted data

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...

4.4 CVSS • 7.3 AI score • 0.56636 EPSS
Exploits 15 • References 42 • Affected Software 26

Prion • added 2020/02/24 2:15 p.m. • 47 views

Command injection

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid...

7.2 CVSS • 7.7 AI score • 0.00495 EPSS
Exploits 0 • References 20 • Affected Software 8

Prion • added 2020/02/10 3:15 p.m. • 47 views

Command injection

A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro...

6.5 CVSS • 7.8 AI score • 0.05804 EPSS
Exploits 6 • References 1 • Affected Software 1

Prion • added 2019/10/16 6:15 p.m. • 47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4 CVSS • 6.1 AI score • 0.02653 EPSS
Exploits 0 • References 6 • Affected Software 3

Prion • added 2018/05/16 4:29 p.m. • 47 views

Default configuration

The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

7.5 CVSS • 9.2 AI score • 0.21979 EPSS
Exploits 0 • References 39 • Affected Software 4

Prion • added 2018/05/09 7:29 p.m. • 47 views

Remote code execution

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

7.6 CVSS • 8 AI score • 0.87814 EPSS
Exploits 9 • References 4 • Affected Software 5

Prion • added 2018/05/09 7:29 p.m. • 47 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151...

10 CVSS • 7 AI score • 0.21854 EPSS
Exploits 0 • References 3 • Affected Software 1

Prion • added 2018/04/29 9:29 p.m. • 47 views

Design/Logic Flaw

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character...

6.8 CVSS • 8.4 AI score • 0.0725 EPSS
Exploits 0 • References 13 • Affected Software 3

Prion • added 2017/05/17 11:29 p.m. • 47 views

SQL injection

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors...

7.5 CVSS • 9.7 AI score • 0.99826 EPSS
Exploits 21 • References 5 • Affected Software 1

Prion • added 2017/04/06 9:59 p.m. • 47 views

Remote code execution

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency...

7.5 CVSS • 9.4 AI score • 0.92334 EPSS
Exploits 1 • References 36 • Affected Software 1

Prion • added 2017/04/04 5:59 p.m. • 47 views

Design/Logic Flaw

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

2.1 CVSS • 5.2 AI score • 0.00419 EPSS
Exploits 0 • References 8 • Affected Software 1

Prion • added 2017/03/17 12:59 a.m. • 47 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3 CVSS • 8.5 AI score • 0.99373 EPSS
Exploits 92 • References 12 • Affected Software 1

Prion • added 2017/03/17 12:59 a.m. • 47 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3 CVSS • 8.5 AI score • 0.99373 EPSS
Exploits 92 • References 10 • Affected Software 1

Prion • added 2014/12/10 3:59 p.m. • 47 views

Integer overflow

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3)...

6.5 CVSS • 8 AI score • 0.04373 EPSS
Exploits 0 • References 12 • Affected Software 2

Total number of security vulnerabilities: 5000