Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2014/09/10 1:55 a.m.•47 views

Memory corruption

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065,...

9.3CVSS7.6AI score0.3125EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2009/04/13 4:30 p.m.•47 views

Code injection

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware...

6.8CVSS7.5AI score0.01998EPSS
Exploits3References10Affected Software7
Prion
Prion
•added 2009/03/12 3:20 p.m.•47 views

Directory traversal

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. dot dot in a /CIMListener/ URI in an M-POST request...

6.8CVSS7.4AI score0.31595EPSS
Exploits11References8Affected Software1
Prion
Prion
•added 2024/03/15 12:17 a.m.•46 views

Authorization

A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.2AI score0.00745EPSS
Exploits1References2
Prion
Prion
•added 2024/03/11 7:15 p.m.•46 views

Design/Logic Flaw

In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANTURIPERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7AI score0.0008EPSS
Exploits0References1
Prion
Prion
•added 2024/03/11 6:15 p.m.•46 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpfxdpadjusttail and memory type is set to MEMTYPEXSKBUFFPOOL, null ptr dereference happens: 1136314.192256 BUG: kernel NULL pointer...

6.9AI score0.00238EPSS
Exploits0References3
Prion
Prion
•added 2024/03/04 1:15 a.m.•46 views

Sql injection

A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file adminclass.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS6.9AI score0.00556EPSS
Exploits0References3
Prion
Prion
•added 2023/10/26 5:15 p.m.•46 views

Remote code execution

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679...

7.5CVSS9.8AI score0.97106EPSS
Exploits22References2Affected Software1
Prion
Prion
•added 2023/10/09 9:15 p.m.•46 views

Improper access control

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols...

6.4CVSS9.1AI score0.00586EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/09/20 6:15 a.m.•46 views

Privilege escalation

Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...

4.3CVSS8.5AI score0.03546EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/19 5:15 p.m.•46 views

Authentication flaw

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible...

7.5CVSS9.6AI score0.99979EPSS
Exploits17References6Affected Software1
Prion
Prion
•added 2023/09/15 8:15 p.m.•46 views

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

5CVSS5.6AI score0.01069EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2023/08/15 4:15 p.m.•46 views

Authentication flaw

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier...

7.5CVSS8.3AI score0.99999EPSS
Exploits14References1Affected Software1
Prion
Prion
•added 2023/07/21 3:15 p.m.•46 views

Design/Logic Flaw

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

7.5CVSS9.7AI score0.97924EPSS
Exploits36References6Affected Software1
Prion
Prion
•added 2023/07/18 3:15 a.m.•46 views

Buffer overflow

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version...

4CVSS6.8AI score0.00179EPSS
Exploits0References2Affected Software4
Prion
Prion
•added 2023/06/30 3:15 a.m.•46 views

Information disclosure

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information...

5CVSS7.3AI score0.0053EPSS
Exploits0References1Affected Software9
Prion
Prion
•added 2023/01/17 11:15 p.m.•46 views

Integer overflow

Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in...

7.5CVSS9.8AI score0.44268EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2023/01/17 8:15 p.m.•46 views

Design/Logic Flaw

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

5CVSS8AI score0.03546EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/11/09 10:15 p.m.•46 views

Privilege escalation

Windows Kerberos Elevation of Privilege Vulnerability...

5.8CVSS7.3AI score0.04488EPSS
Exploits0References2Affected Software4
Prion
Prion
•added 2022/10/22 12:15 a.m.•46 views

Design/Logic Flaw

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields...

4CVSS4.5AI score0.00606EPSS
Exploits0References2Affected Software7
Prion
Prion
•added 2022/08/29 5:15 p.m.•46 views

Cross site scripting

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

5.8CVSS7.1AI score0.01208EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2022/08/22 3:15 p.m.•46 views

Design/Logic Flaw

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced i...

6.8CVSS8.6AI score0.01264EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2022/07/28 2:15 a.m.•46 views

Heap overflow

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.70461EPSS
Exploits0References8Affected Software11
Prion
Prion
•added 2022/07/17 5:15 p.m.•46 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file...

6.8CVSS8.5AI score0.00418EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2022/07/11 1:15 a.m.•46 views

Path traversal

The duducosmos/livropython repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

6.4CVSS9.3AI score0.01164EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/01/25 6:15 p.m.•46 views

Design/Logic Flaw

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2...

4.6CVSS7.7AI score0.00609EPSS
Exploits1References10Affected Software3
Prion
Prion
•added 2021/12/20 12:15 p.m.•46 views

Buffer overflow

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

7.5CVSS9.5AI score0.97108EPSS
Exploits4References20Affected Software12
Prion
Prion
•added 2021/12/06 4:15 p.m.•46 views

Sql injection

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...

7.5CVSS9.6AI score0.78812EPSS
Exploits7References2Affected Software1
Prion
Prion
•added 2021/10/04 6:15 p.m.•46 views

Design/Logic Flaw

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

6.5CVSS8.7AI score0.15126EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2021/08/24 3:15 p.m.•46 views

Buffer overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

7.5CVSS9.6AI score0.87816EPSS
Exploits1References16Affected Software20
Prion
Prion
•added 2021/06/01 2:15 p.m.•46 views

Out-of-bounds

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

6.5CVSS8.6AI score0.0199EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2021/02/15 1:15 p.m.•46 views

Command injection

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...

6.5CVSS8.1AI score0.2241EPSS
Exploits2References13Affected Software21
Prion
Prion
•added 2020/10/21 3:15 p.m.•46 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

6.8CVSS4.9AI score0.02404EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2020/08/12 2:15 p.m.•46 views

Design/Logic Flaw

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

7.5CVSS9.8AI score0.99728EPSS
Exploits28References4Affected Software1
Prion
Prion
•added 2020/07/15 6:15 p.m.•46 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5CVSS6.5AI score0.02118EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2020/04/27 9:15 p.m.•46 views

Code injection

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support uncommon, urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...

5CVSS7.4AI score0.04311EPSS
Exploits1References7Affected Software4
Prion
Prion
•added 2020/04/21 2:15 p.m.•46 views

Null pointer dereference

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

5CVSS7.2AI score0.53336EPSS
Exploits2References32Affected Software19
Prion
Prion
•added 2020/04/15 2:15 p.m.•46 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4CVSS5AI score0.02981EPSS
Exploits0References11Affected Software7
Prion
Prion
•added 2020/04/15 2:15 p.m.•46 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

3.5CVSS5.4AI score0.02317EPSS
Exploits0References7Affected Software5
Prion
Prion
•added 2020/04/01 4:15 a.m.•46 views

Stack overflow

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution...

6.8CVSS8.6AI score0.04764EPSS
Exploits1References8Affected Software4
Prion
Prion
•added 2020/02/10 8:15 a.m.•46 views

Information disclosure

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

6.4CVSS8.6AI score0.07402EPSS
Exploits1References14Affected Software5
Prion
Prion
•added 2019/11/15 4:15 p.m.•46 views

Null pointer dereference

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11SignWithSymKey / ssl3ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service...

5CVSS6.7AI score0.02279EPSS
Exploits0References9Affected Software27
Prion
Prion
•added 2019/10/21 4:15 a.m.•46 views

Denial of service

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop...

5CVSS7.5AI score0.19507EPSS
Exploits1References14Affected Software1
Prion
Prion
•added 2019/10/16 6:15 p.m.•46 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.5CVSS4.4AI score0.02985EPSS
Exploits0References9Affected Software5
Prion
Prion
•added 2019/09/11 3:15 p.m.•46 views

Code injection

McAfee Web Gateway MWG earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies...

5CVSS7.3AI score0.27004EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2019/07/23 11:15 p.m.•46 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached ...

2.3CVSS4AI score0.00806EPSS
Exploits0References6Affected Software7
Prion
Prion
•added 2019/07/23 11:15 p.m.•46 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4CVSS4.8AI score0.03919EPSS
Exploits0References14Affected Software5
Prion
Prion
•added 2019/07/15 7:15 p.m.•46 views

Information disclosure

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-111...

4.3CVSS6AI score0.06786EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2019/04/23 7:32 p.m.•46 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

3.5CVSS4.3AI score0.0281EPSS
Exploits0References14Affected Software11
Prion
Prion
•added 2019/02/21 7:29 p.m.•46 views

Design/Logic Flaw

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to pharparsepharfile in...

5CVSS8.3AI score0.0566EPSS
Exploits1References10Affected Software2
Total number of security vulnerabilities5000