Prion | Most viewed

213680 matches found

Prion
added 2023/05/30 5:15 a.m. | 304 views

Code injection

Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.00872
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2019/01/31 6:29 p.m. | 300 views

Design/Logic Flaw

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

CVSS: 4 | AI score: 6.9 | EPSS: 0.20906
Exploits: 8 | References: 7 | Affected Software: 4

Prion
added 2023/10/10 2:15 p.m. | 298 views

Design/Logic Flaw

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS: 5 | AI score: 7.2 | EPSS: 0.99999
Exploits: 19 | References: 137 | Affected Software: 112

Prion
added 2023/04/11 9:15 p.m. | 290 views

Remote code execution

Microsoft Message Queuing Remote Code Execution Vulnerability...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.95454
Exploits: 7 | References: 1 | Affected Software: 9

Prion
added 2018/11/07 2:29 p.m. | 289 views

Design/Logic Flaw

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.47057
Exploits: 0 | References: 12 | Affected Software: 5

Prion
added 2022/12/05 4:15 a.m. | 288 views

Cross site scripting

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.00958
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2019/01/31 6:29 p.m. | 281 views

Design/Logic Flaw

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

CVSS: 4 | AI score: 6.4 | EPSS: 0.03807
Exploits: 0 | References: 13 | Affected Software: 17

Prion
added 2008/03/28 6:44 p.m. | 281 views

SQL injection

SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.00907
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2017/06/26 2:29 p.m. | 278 views

Stack overflow

A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box...

CVSS: 6.5 | AI score: 7.6 | EPSS: 0.06427
Exploits: 2 | References: 4 | Affected Software: 1

Prion
added 2023/01/16 4:15 p.m. | 277 views

Cross site scripting

The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.00471
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2024/01/22 5:15 a.m. | 275 views

Spoofing

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

CVSS: 2.6 | AI score: 5.6 | EPSS: 0.0096
Exploits: 1 | References: 7 | Affected Software: 1

Prion
added 2022/10/06 6:17 p.m. | 273 views

Design/Logic Flaw

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example,...

CVSS: 5 | AI score: 7.1 | EPSS: 0.02714
Exploits: 4 | References: 5 | Affected Software: 2

Prion
added 2019/04/10 10:29 p.m. | 272 views

Integer overflow

DISPUTED: lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.73762
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2022/02/24 7:15 p.m. | 268 views

Integer overflow

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1...

CVSS: 2.6 | AI score: 5.3 | EPSS: 0.01135
Exploits: 0 | References: 3 | Affected Software: 2

Prion
added 2012/09/05 8:55 p.m. | 260 views

SQL injection

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.01944
Exploits: 7 | References: 2 | Affected Software: 1

Prion
added 2023/07/24 11:15 a.m. | 258 views

Privilege escalation

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

CVSS: 5 | AI score: 7.8 | EPSS: 0.00556
Exploits: 0 | References: 5 | Affected Software: 2

Prion
added 2023/12/18 7:15 p.m. | 251 views

Command injection

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

CVSS: 6.4 | AI score: 7.5 | EPSS: 0.19753
Exploits: 7 | References: 11 | Affected Software: 2

Prion
added 2024/02/14 4:15 p.m. | 243 views

Design/Logic Flaw

Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...

CVSS: 5 | AI score: 7.7 | EPSS: 0.99995
Exploits: 0 | References: 29 | Affected Software: 9

Prion
added 2022/09/19 6:15 p.m. | 243 views

Design/Logic Flaw

A vulnerability in Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.00211
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2023/08/11 6:15 a.m. | 242 views

XXE

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

CVSS: 5 | AI score: 8.2 | EPSS: 0.0121
Exploits: 1 | References: 4 | Affected Software: 3

Prion
added 2023/12/18 4:15 p.m. | 241 views

Design/Logic Flaw

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS: 2.6 | AI score: 7.6 | EPSS: 0.9378
Exploits: 4 | References: 115 | Affected Software: 52

Prion
added 2022/01/31 11:15 a.m. | 240 views

Code injection

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...

CVSS: 4.6 | AI score: 7.8 | EPSS: 0.00544
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/10/21 6:15 a.m. | 234 views

Integer overflow

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...

CVSS: 7.5 | AI score: 10 | EPSS: 0.05193
Exploits: 1 | References: 13 | Affected Software: 6

Prion
added 2016/08/07 9:59 p.m. | 234 views

Authentication flaw

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string...

CVSS: 7.8 | AI score: 7 | EPSS: 0.58568
Exploits: 5 | References: 15 | Affected Software: 2

Prion
added 2022/11/18 11:15 p.m. | 232 views

Design/Logic Flaw

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.02287
Exploits: 1 | References: 7 | Affected Software: 3

Prion
added 2013/03/07 8:55 p.m. | 230 views

Default configuration

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections...

CVSS: 5 | AI score: 6.9 | EPSS: 0.1651
Exploits: 1 | References: 12 | Affected Software: 1

Prion
added 2023/05/17 9:15 a.m. | 226 views

Cross site scripting

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...

CVSS: 4 | AI score: 5.2 | EPSS: 0.79527
Exploits: 7 | References: 5 | Affected Software: 1

Prion
added 2021/12/09 9:15 a.m. | 223 views

Design/Logic Flaw

An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows an attacker to cause a complete denial of service of its components via changes of directory access permissions...

CVSS: 4.9 | AI score: 4.8 | EPSS: 0.00349
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/10/10 2:15 p.m. | 217 views

Default credentials

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.00908
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2022/10/19 10:15 p.m. | 217 views

Design/Logic Flaw

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might...

CVSS: 3.2 | AI score: 6.8 | EPSS: 0.01069
Exploits: 2 | References: 7 | Affected Software: 4

Prion
added 2022/05/03 4:15 p.m. | 215 views

Command injection

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

CVSS: 10 | AI score: 10 | EPSS: 0.83223
Exploits: 5 | References: 14 | Affected Software: 6

Prion
added 2023/06/19 6:15 a.m. | 214 views

Design/Logic Flaw

DISPUTED: In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...

CVSS: 1.7 | AI score: 5.6 | EPSS: 0.00239
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2023/03/23 8:15 p.m. | 212 views

Design/Logic Flaw

Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

CVSS: 5.2 | AI score: 8.1 | EPSS: 0.0046
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2022/08/29 3:15 p.m. | 212 views

Design/Logic Flaw

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker to send a crafted packet processed by dnsmasq, potentially causing a denial of service...

CVSS: 5 | AI score: 7 | EPSS: 0.01487
Exploits: 0 | References: 4 | Affected Software: 2

Prion
added 2023/06/16 8:15 p.m. | 207 views

Double free

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.00948
Exploits: 0 | References: 5 | Affected Software: 2

Prion
added 2018/05/01 4:29 p.m. | 207 views

Information disclosure

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt...

CVSS: 5 | AI score: 7.1 | EPSS: 0.78905
Exploits: 6 | References: 9 | Affected Software: 7

Prion
added 2017/10/26 3:29 a.m. | 207 views

Code injection

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

CVSS: 5 | AI score: 5.3 | EPSS: 0.03359
Exploits: 0 | References: 9 | Affected Software: 12

Prion
added 2015/08/24 1:59 a.m. | 204 views

Design/Logic Flaw

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request...

CVSS: 6.9 | AI score: 6.9 | EPSS: 0.00599
Exploits: 0 | References: 16 | Affected Software: 1

Prion
added 2019/02/09 2:29 p.m. | 199 views

Code injection

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ librarie...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.01996
Exploits: 0 | References: 3 | Affected Software: 2

Prion
added 2023/08/11 6:15 a.m. | 197 views

Stack overflow

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.08003
Exploits: 3 | References: 4 | Affected Software: 3

Prion
added 2023/05/10 2:15 p.m. | 195 views

Privilege escalation

Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS: 4.3 | AI score: 7.8 | EPSS: 0.00169
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/04/29 1:15 a.m. | 195 views

Buffer overflow

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version an...

CVSS: 6.8 | AI score: 9.8 | EPSS: 0.83406
Exploits: 0 | References: 10 | Affected Software: 3

Prion
added 2021/04/07 3:15 p.m. | 194 views

Command injection

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection...

CVSS: 4.6 | AI score: 8 | EPSS: 0.01502
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2021/06/22 2:15 p.m. | 190 views

Null pointer dereference

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service...

CVSS: 5 | AI score: 7.1 | EPSS: 0.02418
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2022/09/26 2:15 p.m. | 188 views

Design/Logic Flaw

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...

CVSS: 4.3 | AI score: 7.6 | EPSS: 0.00216
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2023/05/04 9:15 p.m. | 185 views

Authentication flaw

An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.01087
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/02/19 2:15 a.m. | 185 views

Code injection

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774...

CVSS: 4.6 | AI score: 5.7 | EPSS: 0.00926
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/05/26 6:15 p.m. | 181 views

Code injection

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00579
Exploits: 0 | References: 9 | Affected Software: 5

Prion
added 2024/02/06 2:15 a.m. | 180 views

Hardcoded credentials

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.04834
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2007/06/14 11:30 p.m. | 179 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.77376
Exploits: 1 | References: 40 | Affected Software: 1

Total number of security vulnerabilities: 5000