Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2022/07/28 2:15 a.m.47 views

Heap overflow

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.70461EPSS
Exploits0References8Affected Software11
Prion
Prion
added 2022/01/25 6:15 p.m.47 views

Design/Logic Flaw

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2...

4.6CVSS7.7AI score0.00609EPSS
Exploits1References10Affected Software3
Prion
Prion
added 2021/12/20 12:15 p.m.47 views

Buffer overflow

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

7.5CVSS9.5AI score0.97108EPSS
Exploits4References20Affected Software12
Prion
Prion
added 2021/12/06 4:15 p.m.47 views

Sql injection

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...

7.5CVSS9.6AI score0.78812EPSS
Exploits7References2Affected Software1
Prion
Prion
added 2021/10/04 6:15 p.m.47 views

Design/Logic Flaw

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

6.5CVSS8.7AI score0.15126EPSS
Exploits0References10Affected Software4
Prion
Prion
added 2021/08/24 3:15 p.m.47 views

Buffer overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

7.5CVSS9.6AI score0.87816EPSS
Exploits1References16Affected Software20
Prion
Prion
added 2021/07/12 3:15 p.m.47 views

Design/Logic Flaw

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...

5CVSS7.2AI score0.06889EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2021/06/17 2:15 p.m.47 views

Sql injection

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

4CVSS5.2AI score0.00622EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/02/15 1:15 p.m.47 views

Command injection

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...

6.5CVSS8.1AI score0.2241EPSS
Exploits2References13Affected Software21
Prion
Prion
added 2021/01/26 9:15 p.m.47 views

Design/Logic Flaw

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

4.3CVSS6.7AI score0.01962EPSS
Exploits0References4Affected Software7
Prion
Prion
added 2020/12/08 8:15 p.m.47 views

Code injection

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files...

2.1CVSS5.5AI score0.00418EPSS
Exploits0References9Affected Software7
Prion
Prion
added 2020/10/21 3:15 p.m.47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

6.8CVSS4.9AI score0.02404EPSS
Exploits0References6Affected Software3
Prion
Prion
added 2020/08/12 2:15 p.m.47 views

Design/Logic Flaw

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

7.5CVSS9.8AI score0.99728EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2020/07/15 6:15 p.m.47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5CVSS6.5AI score0.02118EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2020/04/15 2:15 p.m.47 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4CVSS5AI score0.02981EPSS
Exploits0References11Affected Software7
Prion
Prion
added 2020/02/10 3:15 p.m.47 views

Command injection

A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro...

6.5CVSS7.8AI score0.05804EPSS
Exploits6References1Affected Software1
Prion
Prion
added 2019/07/23 11:15 p.m.47 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4CVSS4.8AI score0.03919EPSS
Exploits0References14Affected Software5
Prion
Prion
added 2019/07/15 7:15 p.m.47 views

Information disclosure

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-111...

4.3CVSS6AI score0.06786EPSS
Exploits0References1Affected Software5
Prion
Prion
added 2018/10/17 1:31 a.m.47 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS5.1AI score0.03254EPSS
Exploits0References8Affected Software4
Prion
Prion
added 2018/08/20 9:29 p.m.47 views

Design/Logic Flaw

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software...

9.3CVSS8.1AI score0.04915EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/05/16 4:29 p.m.47 views

Default configuration

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

7.5CVSS9.2AI score0.21979EPSS
Exploits0References39Affected Software4
Prion
Prion
added 2018/05/09 7:29 p.m.47 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151...

10CVSS7AI score0.21854EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/04/29 9:29 p.m.47 views

Design/Logic Flaw

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a final '\0' character...

6.8CVSS8.4AI score0.07159EPSS
Exploits0References13Affected Software3
Prion
Prion
added 2017/09/19 1:29 p.m.47 views

Design/Logic Flaw

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

6.8CVSS7.8AI score0.99607EPSS
Exploits18References19Affected Software1
Prion
Prion
added 2017/09/18 3:29 p.m.47 views

Design/Logic Flaw

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

5CVSS7.1AI score0.94999EPSS
Exploits9References55Affected Software2
Prion
Prion
added 2017/04/06 9:59 p.m.47 views

Remote code execution

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency...

7.5CVSS9.4AI score0.92334EPSS
Exploits1References36Affected Software1
Prion
Prion
added 2016/05/22 1:59 a.m.47 views

Design/Logic Flaw

The opensslrandompseudobytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RANDpseudobytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified...

5CVSS7AI score0.04353EPSS
Exploits0References12Affected Software2
Prion
Prion
added 2014/09/24 6:48 p.m.47 views

Design/Logic Flaw

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS7.8AI score0.99999EPSS
Exploits140References170Affected Software1
Prion
Prion
added 2014/03/19 10:55 a.m.47 views

Buffer overflow

Buffer overflow in the cairotruetypeindextoucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docume...

6.8CVSS8.2AI score0.0503EPSS
Exploits1References12Affected Software16
Prion
Prion
added 2014/03/18 5:18 a.m.47 views

Design/Logic Flaw

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

5.8CVSS6.9AI score0.04751EPSS
Exploits1References23Affected Software2
Prion
Prion
added 2009/04/13 4:30 p.m.47 views

Code injection

Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware...

6.8CVSS7.5AI score0.01998EPSS
Exploits3References10Affected Software7
Prion
Prion
added 2009/03/12 3:20 p.m.47 views

Directory traversal

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. dot dot in a /CIMListener/ URI in an M-POST request...

6.8CVSS7.4AI score0.31595EPSS
Exploits11References8Affected Software1
Prion
Prion
added 2009/01/13 5:0 p.m.47 views

Race condition

Race condition in the dosetlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service crash via vectors resulting in an interrupted RPC call that leads to a stray FLPOSIX lock, related to improper handling of a race between fcntl and close in th...

4CVSS5.8AI score0.00284EPSS
Exploits1References21Affected Software1
Prion
Prion
added 2008/08/10 8:41 p.m.47 views

Input validation

JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...

5CVSS6AI score0.47111EPSS
Exploits6References12Affected Software1
Prion
Prion
added 2007/09/12 1:17 a.m.47 views

Code injection

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...

7.5CVSS6.4AI score0.02374EPSS
Exploits0References30Affected Software1
Prion
Prion
added 2024/03/15 12:17 a.m.46 views

Authorization

A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.2AI score0.00745EPSS
Exploits1References2
Prion
Prion
added 2024/03/11 7:15 p.m.46 views

Design/Logic Flaw

In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANTURIPERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7AI score0.0008EPSS
Exploits0References1
Prion
Prion
added 2024/03/11 6:15 p.m.46 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpfxdpadjusttail and memory type is set to MEMTYPEXSKBUFFPOOL, null ptr dereference happens: 1136314.192256 BUG: kernel NULL pointer...

6.9AI score0.00238EPSS
Exploits0References3
Prion
Prion
added 2023/10/26 5:15 p.m.46 views

Remote code execution

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679...

7.5CVSS9.8AI score0.97106EPSS
Exploits22References2Affected Software1
Prion
Prion
added 2023/10/09 9:15 p.m.46 views

Improper access control

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols...

6.4CVSS9.1AI score0.00586EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/09/20 6:15 a.m.46 views

Privilege escalation

Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape...

4.3CVSS8.5AI score0.03546EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/19 5:15 p.m.46 views

Authentication flaw

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible...

7.5CVSS9.6AI score0.99979EPSS
Exploits17References6Affected Software1
Prion
Prion
added 2023/07/18 3:15 a.m.46 views

Buffer overflow

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version...

4CVSS6.8AI score0.00179EPSS
Exploits0References2Affected Software4
Prion
Prion
added 2023/06/30 3:15 a.m.46 views

Information disclosure

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information...

5CVSS7.3AI score0.0053EPSS
Exploits0References1Affected Software9
Prion
Prion
added 2023/05/26 5:15 p.m.46 views

Information disclosure

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

5.2CVSS6.7AI score0.0147EPSS
Exploits2References5Affected Software2
Prion
Prion
added 2023/05/01 2:15 p.m.46 views

Default credentials

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access...

5.8CVSS8.4AI score0.00405EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/17 11:15 p.m.46 views

Integer overflow

Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in...

7.5CVSS9.8AI score0.44268EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/11/01 9:15 a.m.46 views

Cross site request forgery (csrf)

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

5CVSS7.3AI score0.01448EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/10/22 12:15 a.m.46 views

Design/Logic Flaw

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields...

4CVSS4.5AI score0.00606EPSS
Exploits0References2Affected Software7
Prion
Prion
added 2022/08/22 3:15 p.m.46 views

Design/Logic Flaw

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced i...

6.8CVSS8.6AI score0.01264EPSS
Exploits2References2Affected Software1
Total number of security vulnerabilities5000