Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2023/11/02 12:15 p.m.•44 views

Cross site scripting

Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...

5.8CVSS6AI score0.00469EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/11/01 12:15 a.m.•44 views

Cross site scripting

A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...

4.9CVSS5.3AI score0.00407EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/09/15 4:15 p.m.•45 views

Design/Logic Flaw

An issue was discovered in Bezeq Vtech NB403-IL version BZ2.02.07.09.13.01 and Vtech IAD604-IL versions BZ2.02.07.09.13.01, BZ2.02.07.09.13T, and BZ2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service...

5CVSS7.6AI score0.00737EPSS
Exploits1References1Affected Software2
Prion
Prion
•added 2023/09/12 10:15 a.m.•44 views

Design/Logic Flaw

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

6.5CVSS8.7AI score0.01884EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/08/31 10:15 a.m.•44 views

Design/Logic Flaw

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

4.3CVSS7.3AI score0.01193EPSS
Exploits0References9Affected Software4
Prion
Prion
•added 2023/08/04 12:15 p.m.•44 views

Design/Logic Flaw

VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

5CVSS5.1AI score0.00395EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/11 11:15 a.m.•44 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Andrea Tarantini Menubar plugin = 5.8.2 versions...

4.3CVSS6.6AI score0.00191EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/06/01 5:15 p.m.•44 views

Code injection

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edituser’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted w...

6.5CVSS8.6AI score0.73537EPSS
Exploits7References2Affected Software2
Prion
Prion
•added 2023/05/26 5:15 p.m.•44 views

Information disclosure

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

5.2CVSS6.7AI score0.0147EPSS
Exploits2References5Affected Software2
Prion
Prion
•added 2023/05/08 9:15 p.m.•44 views

Authentication flaw

libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...

6.5CVSS8.7AI score0.00943EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/04/11 1:15 a.m.•44 views

Arbitrary file deletion

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

3.3CVSS5.9AI score0.0075EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/01/17 9:15 p.m.•44 views

Design/Logic Flaw

The Birthday attack against 64-bit block ciphers flaw CVE-2016-2183 was reported for the health checks port 9979 on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port...

5CVSS7.4AI score0.95707EPSS
Exploits7References1Affected Software1
Prion
Prion
•added 2023/01/10 10:15 p.m.•44 views

Privilege escalation

Windows Backup Service Elevation of Privilege Vulnerability...

3.2CVSS6.8AI score0.05327EPSS
Exploits2References1Affected Software3
Prion
Prion
•added 2022/12/13 7:15 p.m.•44 views

Remote code execution

.NET Framework Remote Code Execution Vulnerability...

4.4CVSS7.8AI score0.0113EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/11/21 10:15 a.m.•44 views

Code injection

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

1.7CVSS5.4AI score0.00434EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/10/03 1:15 a.m.•44 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

5.2CVSS8.2AI score0.99964EPSS
Exploits11References4Affected Software1
Prion
Prion
•added 2022/05/19 1:15 p.m.•44 views

Design/Logic Flaw

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977...

4.6CVSS8.2AI score0.00489EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2022/04/04 6:15 p.m.•44 views

Design/Logic Flaw

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

6.8CVSS8.1AI score0.028EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2022/01/25 9:15 p.m.•44 views

Design/Logic Flaw

Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...

5CVSS9.5AI score0.05386EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2022/01/01 12:15 a.m.•44 views

Heap overflow

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in printmac called from logpacket and dhcpreply. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...

7.5CVSS9.5AI score0.0259EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2021/10/07 5:15 p.m.•44 views

Command injection

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...

10CVSS9.7AI score0.69882EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2021/08/22 10:15 p.m.•44 views

Code injection

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

4.3CVSS5.8AI score0.01469EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/06/11 4:15 p.m.•44 views

Stack overflow

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

2.6CVSS5.8AI score0.04385EPSS
Exploits1References14Affected Software11
Prion
Prion
•added 2021/05/05 4:15 p.m.•44 views

Design/Logic Flaw

Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...

3.5CVSS5.6AI score0.00867EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/04/22 10:15 p.m.•44 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4CVSS4.8AI score0.02072EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/02/25 9:15 a.m.•44 views

Sql injection

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

6.8CVSS6AI score0.03681EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/12/11 2:15 a.m.•44 views

Remote code execution

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25...

7.5CVSS9.5AI score0.95922EPSS
Exploits11References11Affected Software8
Prion
Prion
•added 2020/06/09 8:15 p.m.•44 views

Privilege escalation

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'...

6.8CVSS7.7AI score0.03158EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2019/12/05 12:15 a.m.•44 views

Authentication flaw

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/authsubr.c and gen/authenticate.c in libc and login/login.c and xenocara/app/xenodm/greeter/verify.c...

7.5CVSS9.4AI score0.02736EPSS
Exploits2References7Affected Software1
Prion
Prion
•added 2019/11/26 4:15 a.m.•44 views

Code injection

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

5CVSS7.5AI score0.01014EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2019/10/16 6:15 p.m.•44 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

2.6CVSS3.4AI score0.03362EPSS
Exploits0References22Affected Software14
Prion
Prion
•added 2019/08/13 9:15 p.m.•44 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

7.8CVSS7.4AI score0.27004EPSS
Exploits0References47Affected Software20
Prion
Prion
•added 2019/04/09 9:29 p.m.•44 views

Privilege escalation

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841...

4.6CVSS6.5AI score0.414EPSS
Exploits29References4Affected Software5
Prion
Prion
•added 2019/02/20 4:29 p.m.•44 views

Design/Logic Flaw

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

4.3CVSS5.7AI score0.1686EPSS
Exploits1References27Affected Software16
Prion
Prion
•added 2019/02/20 3:29 a.m.•44 views

Path traversal

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...

4CVSS6.8AI score0.91985EPSS
Exploits9References7Affected Software1
Prion
Prion
•added 2018/07/11 12:29 a.m.•44 views

Security feature bypass

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2...

5CVSS7.4AI score0.09832EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2018/05/04 3:29 a.m.•44 views

Authentication flaw

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diagFORM?images/ URI. One can then manage the device...

7.5CVSS9.7AI score0.93316EPSS
Exploits7References3
Prion
Prion
•added 2017/11/22 7:29 p.m.•44 views

Design/Logic Flaw

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...

7.2CVSS6.5AI score0.00586EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2017/04/07 7:59 p.m.•44 views

Code injection

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents...

4.3CVSS7AI score0.01989EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2016/09/01 12:59 a.m.•44 views

Design/Logic Flaw

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

5CVSS9.2AI score0.95707EPSS
Exploits7References135Affected Software9
Prion
Prion
•added 2016/05/16 10:59 a.m.•44 views

Input validation

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system functio...

10CVSS8AI score0.05999EPSS
Exploits2References7Affected Software1
Prion
Prion
•added 2016/05/16 10:59 a.m.•44 views

Design/Logic Flaw

The pharconverttoother function in ext/phar/pharobject.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other...

10CVSS7.8AI score0.06303EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2016/05/16 10:59 a.m.•44 views

Design/Logic Flaw

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to 1 the Serializable interface, 2 the SplObjectStorage class, and 3 the SplDoublyLinkedList class, which are mishandled...

7.5CVSS8.3AI score0.46801EPSS
Exploits4References8Affected Software1
Prion
Prion
•added 2016/02/15 7:59 p.m.•44 views

Design/Logic Flaw

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

7.5CVSS7.7AI score0.08625EPSS
Exploits0References11Affected Software5
Prion
Prion
•added 2015/06/09 6:59 p.m.•44 views

Integer overflow

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...

7.5CVSS9.8AI score0.20837EPSS
Exploits1References18Affected Software9
Prion
Prion
•added 2013/04/09 8:55 p.m.•44 views

Type confusion

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5CVSS7.7AI score0.99449EPSS
Exploits22References6Affected Software1
Prion
Prion
•added 2013/02/08 7:55 p.m.•44 views

Design/Logic Flaw

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of...

4CVSS6.8AI score0.35584EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2012/05/11 10:15 a.m.•45 views

Design/Logic Flaw

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options i...

7.5CVSS8AI score0.99998EPSS
Exploits42References17Affected Software1
Prion
Prion
•added 2012/01/19 7:55 p.m.•44 views

Integer overflow

Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors...

9.3CVSS8.3AI score0.04074EPSS
Exploits1References2Affected Software2
Prion
Prion
•added 2011/07/27 2:55 a.m.•44 views

Heap overflow

Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Real Media file...

6.8CVSS8.8AI score0.03695EPSS
Exploits1References6Affected Software1
Total number of security vulnerabilities5000