Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2012/05/22 3:55 p.m.•45 views

Code injection

The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service resource consumption via unspecified vectors...

4CVSS6.8AI score0.01254EPSS
Exploits0References5Affected Software3
Prion
Prion
•added 2011/07/27 2:55 a.m.•45 views

Heap overflow

Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Real Media file...

6.8CVSS8.8AI score0.03695EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2010/12/17 7:0 p.m.•45 views

Stack overflow

Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a FIG image with a crafted color definition...

6.8CVSS8.6AI score0.0582EPSS
Exploits1References10Affected Software1
Prion
Prion
•added 2009/08/21 5:30 p.m.•45 views

Code injection

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

4.3CVSS7.2AI score0.08437EPSS
Exploits1References13Affected Software1
Prion
Prion
•added 2009/07/14 11:30 p.m.•45 views

Authentication flaw

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS6.5AI score0.06348EPSS
Exploits0References86Affected Software5
Prion
Prion
•added 2009/03/09 9:30 p.m.•45 views

Integer overflow

Integer overflow in the ftsbuild function in fts.c in libc in 1 OpenBSD 4.4 and earlier and 2 Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service application crash via a deep directory tree, related to the ftslevel structure member, as...

4.9CVSS7AI score0.03592EPSS
Exploits6References7Affected Software2
Prion
Prion
•added 2009/02/08 9:30 p.m.•45 views

Buffer overflow

Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a...

9.3CVSS8.3AI score0.05741EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2008/09/18 5:59 p.m.•45 views

Default credentials

The 1 rand and 2 mtrand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x an...

5.1CVSS6.3AI score0.04289EPSS
Exploits2References19Affected Software1
Prion
Prion
•added 2008/07/14 6:41 p.m.•46 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Accept, 2 Accept-Language, 3 UA-CPU, 4 Accept-Encoding, 5 User-Agent, or 6 Cookie HTTP header. NOTE: the provenance of...

4.3CVSS5.8AI score0.01189EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2008/01/10 11:46 p.m.•45 views

Buffer overflow

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via 1 the ProcessOldClientHello function in handshake.cpp or 2 "inputbuffer& operator" in yasslimp.cpp...

7.5CVSS8AI score0.91602EPSS
Exploits13References21Affected Software5
Prion
Prion
•added 2007/07/16 10:30 p.m.•45 views

Integer overflow

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value...

6.8CVSS7.7AI score0.70386EPSS
Exploits1References35Affected Software7
Prion
Prion
•added 2007/05/09 5:19 p.m.•45 views

Path traversal

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid 1 GBTBL parameter to a lang/codes-english.php or b image.php, which reveal the database name; 2 an invalid GBDB parameter to index.php, coupled with a ../index lang cookie, which reveals the installati...

7.1CVSS6.7AI score0.01828EPSS
Exploits0References10Affected Software1
Prion
Prion
•added 2006/05/24 11:2 p.m.•45 views

Remote file inclusion

PHP remote file inclusion vulnerability in addpostnewpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 trial allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter...

5.1CVSS7.8AI score0.07873EPSS
Exploits1References7Affected Software1
Prion
Prion
•added 2006/05/03 10:2 a.m.•45 views

Remote file inclusion

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via the phpbbrootpath parameter...

7.5CVSS7.1AI score0.08341EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2006/01/03 10:3 p.m.•45 views

Input validation

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the globrootDir parameter...

7.5CVSS8AI score0.02406EPSS
Exploits0References2
Prion
Prion
•added 2024/03/15 12:17 a.m.•44 views

Cross site scripting

A cross-site scripting XSS vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

6.1AI score0.00483EPSS
Exploits1References2
Prion
Prion
•added 2024/03/13 4:15 p.m.•44 views

Sql injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS8.1AI score0.89431EPSS
Exploits8References6
Prion
Prion
•added 2024/03/11 7:15 p.m.•44 views

Heap overflow

In sendHciCommand of bluetoothhci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00087EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•44 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

6.6AI score0.00318EPSS
Exploits0References1
Prion
Prion
•added 2024/02/29 1:43 a.m.•44 views

Design/Logic Flaw

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

5CVSS7AI score0.00598EPSS
Exploits0References7
Prion
Prion
•added 2024/01/09 5:15 p.m.•44 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

4CVSS7.5AI score0.02323EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2024/01/08 6:15 p.m.•44 views

Design/Logic Flaw

It was discovered that the clsroute filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0...

4.3CVSS7.1AI score0.06214EPSS
Exploits7References15Affected Software2
Prion
Prion
•added 2023/12/24 6:15 a.m.•44 views

Code injection

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...

5CVSS6.8AI score0.01072EPSS
Exploits1References20Affected Software4
Prion
Prion
•added 2023/11/02 5:15 p.m.•44 views

Cross site scripting

Reportico 7.1.21 is vulnerable to Cross Site Scripting XSS...

4.3CVSS4.9AI score0.00373EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/11/02 12:15 p.m.•44 views

Cross site scripting

Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...

5.8CVSS6AI score0.00469EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/11/01 12:15 a.m.•44 views

Cross site scripting

A Reflected Cross-Site Scripting XSS vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field...

4.9CVSS5.3AI score0.00407EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/10/26 9:15 p.m.•44 views

Design/Logic Flaw

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support EoTS...

7.5CVSS9.5AI score0.96515EPSS
Exploits17References3Affected Software20
Prion
Prion
•added 2023/10/23 7:15 a.m.•44 views

Code injection

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

5CVSS7.3AI score0.70595EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/15 4:15 p.m.•45 views

Design/Logic Flaw

An issue was discovered in Bezeq Vtech NB403-IL version BZ2.02.07.09.13.01 and Vtech IAD604-IL versions BZ2.02.07.09.13.01, BZ2.02.07.09.13T, and BZ2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service...

5CVSS7.6AI score0.00737EPSS
Exploits1References1Affected Software2
Prion
Prion
•added 2023/09/12 5:15 p.m.•44 views

Remote code execution

Microsoft Word Remote Code Execution Vulnerability...

4.4CVSS7.2AI score0.01017EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/09/12 10:15 a.m.•44 views

Design/Logic Flaw

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

6.5CVSS8.7AI score0.01884EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/08/31 10:15 a.m.•44 views

Design/Logic Flaw

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

4.3CVSS7.3AI score0.01193EPSS
Exploits0References9Affected Software4
Prion
Prion
•added 2023/08/14 10:15 p.m.•44 views

Out-of-bounds

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7CVSS5.1AI score0.00087EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/04 12:15 p.m.•44 views

Design/Logic Flaw

VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests...

5CVSS5.1AI score0.00395EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/11 11:15 a.m.•44 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Andrea Tarantini Menubar plugin = 5.8.2 versions...

4.3CVSS6.6AI score0.00191EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/06/16 9:15 p.m.•44 views

Design/Logic Flaw

An issue was discovered in flsetgeneveopt in net/sched/clsflower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets. This may result in denial of service or privilege escalation...

4.3CVSS7.5AI score0.00532EPSS
Exploits1References10Affected Software3
Prion
Prion
•added 2023/05/08 9:15 p.m.•44 views

Authentication flaw

libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establis...

6.5CVSS8.7AI score0.00943EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/04/11 1:15 a.m.•44 views

Arbitrary file deletion

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

3.3CVSS5.9AI score0.0075EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/03/28 7:15 p.m.•44 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

7.5CVSS9.2AI score0.02837EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2023/03/14 5:15 p.m.•44 views

Remote code execution

Internet Control Message Protocol ICMP Remote Code Execution Vulnerability...

7.5CVSS9.5AI score0.03479EPSS
Exploits0References1Affected Software10
Prion
Prion
•added 2023/01/17 9:15 p.m.•44 views

Design/Logic Flaw

The Birthday attack against 64-bit block ciphers flaw CVE-2016-2183 was reported for the health checks port 9979 on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port...

5CVSS7.4AI score0.95707EPSS
Exploits7References1Affected Software1
Prion
Prion
•added 2022/11/21 10:15 a.m.•44 views

Code injection

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

1.7CVSS5.4AI score0.00434EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•44 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4CVSS3.3AI score0.00911EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/10/06 6:17 p.m.•44 views

Design/Logic Flaw

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...

7.5CVSS9.6AI score0.03519EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2022/06/30 1:15 p.m.•44 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.5AI score0.09088EPSS
Exploits11
Prion
Prion
•added 2022/04/04 6:15 p.m.•44 views

Design/Logic Flaw

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

6.8CVSS8.1AI score0.028EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2022/01/25 9:15 p.m.•44 views

Design/Logic Flaw

Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...

5CVSS9.5AI score0.05386EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2022/01/01 12:15 a.m.•44 views

Heap overflow

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in printmac called from logpacket and dhcpreply. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."...

7.5CVSS9.5AI score0.0259EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2021/10/07 5:15 p.m.•44 views

Command injection

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...

10CVSS9.7AI score0.69882EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2021/08/22 10:15 p.m.•44 views

Code injection

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

4.3CVSS5.8AI score0.01469EPSS
Exploits0References4Affected Software2
Total number of security vulnerabilities5000