Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2018/10/17 1:31 a.m.•46 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS5.1AI score0.03254EPSS
Exploits0References8Affected Software4
Prion
Prion
•added 2018/08/20 9:29 p.m.•46 views

Design/Logic Flaw

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software...

9.3CVSS8.1AI score0.04915EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2018/08/02 3:29 p.m.•46 views

Out-of-bounds

PHP 7.1.5 has an Out of bounds access in phppcrereplaceimpl via a crafted pregreplace call...

5CVSS7.7AI score0.02954EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2018/07/26 4:29 p.m.•46 views

Information disclosure

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of serv...

4.8CVSS6.7AI score0.0759EPSS
Exploits0References13Affected Software6
Prion
Prion
•added 2018/03/26 3:29 p.m.•46 views

Code injection

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

6.8CVSS8.5AI score0.86006EPSS
Exploits0References27Affected Software4
Prion
Prion
•added 2018/03/07 2:29 p.m.•46 views

Buffer overflow

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates...

7.2CVSS7AI score0.01107EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2017/11/07 9:29 p.m.•46 views

Out-of-bounds

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c...

5CVSS8AI score0.26373EPSS
Exploits2References13Affected Software3
Prion
Prion
•added 2017/09/19 1:29 p.m.•46 views

Design/Logic Flaw

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

6.8CVSS7.8AI score0.99607EPSS
Exploits18References19Affected Software1
Prion
Prion
•added 2017/09/18 3:29 p.m.•46 views

Design/Logic Flaw

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

5CVSS7.1AI score0.94999EPSS
Exploits9References55Affected Software2
Prion
Prion
•added 2017/06/19 4:29 p.m.•46 views

Code injection

The OpenBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

6.4CVSS7.4AI score0.1338EPSS
Exploits3References9Affected Software1
Prion
Prion
•added 2017/03/17 12:59 a.m.•46 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References11Affected Software1
Prion
Prion
•added 2016/12/09 8:59 p.m.•46 views

Design/Logic Flaw

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

7.8CVSS6.9AI score0.08894EPSS
Exploits5References13Affected Software1
Prion
Prion
•added 2016/10/16 9:59 p.m.•46 views

Design/Logic Flaw

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a...

7.8CVSS7.9AI score0.07613EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2016/05/22 1:59 a.m.•46 views

Design/Logic Flaw

The opensslrandompseudobytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RANDpseudobytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified...

5CVSS7AI score0.04353EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2015/12/09 11:59 a.m.•46 views

Race condition

Race condition in the Pragmatic General Multicast PGM protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gai...

7.2CVSS7AI score0.01557EPSS
Exploits0References2Affected Software5
Prion
Prion
•added 2015/12/02 1:59 a.m.•46 views

Code injection

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

7.5CVSS7.8AI score0.03887EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2015/01/30 11:59 a.m.•46 views

Memory corruption

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different...

6.8CVSS7.8AI score0.02762EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2014/09/24 6:48 p.m.•46 views

Design/Logic Flaw

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS7.8AI score0.99999EPSS
Exploits139References170Affected Software1
Prion
Prion
•added 2014/03/18 5:18 a.m.•46 views

Design/Logic Flaw

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

5.8CVSS6.9AI score0.04751EPSS
Exploits1References23Affected Software2
Prion
Prion
•added 2013/04/09 8:55 p.m.•46 views

Type confusion

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...

7.5CVSS7.7AI score0.99449EPSS
Exploits22References4Affected Software1
Prion
Prion
•added 2010/01/13 8:30 p.m.•46 views

Design/Logic Flaw

Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS8.3AI score0.06836EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2009/10/21 5:30 p.m.•46 views

Integer overflow

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service application crash via a crafted PDF document that triggers a NULL...

4.3CVSS6.9AI score0.04483EPSS
Exploits1References51Affected Software3
Prion
Prion
•added 2009/08/03 2:30 p.m.•46 views

Heap overflow

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger AIM, allows remote SSL servers to cause a denial of service application crash or possibly...

9.3CVSS8.8AI score0.04155EPSS
Exploits1References28Affected Software1
Prion
Prion
•added 2009/01/13 5:0 p.m.•46 views

Race condition

Race condition in the dosetlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service crash via vectors resulting in an interrupted RPC call that leads to a stray FLPOSIX lock, related to improper handling of a race between fcntl and close in th...

4CVSS5.8AI score0.00284EPSS
Exploits1References21Affected Software1
Prion
Prion
•added 2008/09/05 4:8 p.m.•46 views

Code injection

The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault GPF, which allows local users to gain privileges by triggering a GPF during the kernel's return from 1 an interrupt, 2 a trap, or 3 a system call...

7.2CVSS6.8AI score0.00314EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2008/08/10 8:41 p.m.•46 views

Input validation

JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...

5CVSS6AI score0.47111EPSS
Exploits6References12Affected Software1
Prion
Prion
•added 2008/07/02 5:14 p.m.•46 views

Remote file inclusion

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms comfacileforms component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ffcompath parameter...

7.5CVSS8.1AI score0.02294EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2007/11/16 6:46 p.m.•46 views

Stack overflow

Stack-based buffer overflow in the replynetbiospacket function in nmbd/nmbdpackets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request...

9.3CVSS8AI score0.1125EPSS
Exploits1References51Affected Software1
Prion
Prion
•added 2007/09/12 1:17 a.m.•46 views

Code injection

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...

7.5CVSS6.4AI score0.02374EPSS
Exploits0References30Affected Software1
Prion
Prion
•added 2024/03/15 12:17 a.m.•45 views

Improper access control

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...

7.6AI score0.00835EPSS
Exploits1References2
Prion
Prion
•added 2024/03/12 8:15 p.m.•45 views

Cross site scripting

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting XSS attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...

4.3CVSS5.8AI score0.00323EPSS
Exploits0References2
Prion
Prion
•added 2024/02/29 1:44 a.m.•45 views

Heap overflow

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted TTF file...

8AI score0.00902EPSS
Exploits0References2
Prion
Prion
•added 2024/02/29 1:42 a.m.•45 views

Code injection

An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4ping in the /boafrm/formSystemCheck...

8.1AI score0.07319EPSS
Exploits1References2
Prion
Prion
•added 2024/02/28 9:15 a.m.•45 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

6.8AI score0.00246EPSS
Exploits0References4
Prion
Prion
•added 2024/01/29 11:15 p.m.•45 views

Security feature bypass

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

6.4CVSS6.6AI score0.0102EPSS
Exploits2References5Affected Software2
Prion
Prion
•added 2023/11/14 6:15 p.m.•45 views

Hardcoded credentials

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials...

1.7CVSS7.1AI score0.00205EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/10/25 6:17 p.m.•45 views

Design/Logic Flaw

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...

7.5CVSS9.3AI score0.00964EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/10/16 9:15 p.m.•45 views

Cross site request forgery (csrf)

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

6.8CVSS8.9AI score0.00313EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/15 7:15 p.m.•45 views

Authorization

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

5.8CVSS7.7AI score0.04488EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/10/10 5:15 p.m.•45 views

Integer overflow

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

5CVSS7.5AI score0.03754EPSS
Exploits1References9Affected Software3
Prion
Prion
•added 2023/08/14 10:15 p.m.•45 views

Out-of-bounds

In SDPAddAttribute of sdpdb.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

5.8CVSS8.8AI score0.00173EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/26 2:15 p.m.•45 views

Design/Logic Flaw

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...

4CVSS8.4AI score0.99677EPSS
Exploits100References2Affected Software1
Prion
Prion
•added 2023/07/19 3:15 p.m.•45 views

Privilege escalation

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...

5.8CVSS7.5AI score0.01313EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/11 6:15 p.m.•45 views

Remote code execution

Paint 3D Remote Code Execution Vulnerability...

4.4CVSS7.8AI score0.00631EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/05/01 2:15 p.m.•45 views

Default credentials

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access...

5.8CVSS8.4AI score0.00405EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/02/04 1:15 a.m.•45 views

Code injection

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10...

6.5CVSS9AI score0.01119EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/01/13 3:15 p.m.•45 views

Server side request forgery (ssrf)

RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery SSRF attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending ...

5CVSS7.6AI score0.00778EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/11/01 9:15 a.m.•45 views

Cross site request forgery (csrf)

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

5CVSS7.3AI score0.01448EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/09/13 3:15 p.m.•45 views

Command injection

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router with GPS4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG /...

7.5CVSS9.7AI score0.02311EPSS
Exploits2References1Affected Software9
Prion
Prion
•added 2022/08/01 8:15 p.m.•45 views

Sql injection

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users...

7.5CVSS9.5AI score0.05071EPSS
Exploits2References3Affected Software1
Total number of security vulnerabilities5000