
213680 matches found

Prion • added 2021/08/22 10:15 p.m. • 44 views

Code injection

In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

CVSS 4.3 • AI score 5.8 • EPSS 0.01469
Exploits 0 • References 4 • Affected Software 2

Prion • added 2021/06/11 4:15 p.m. • 44 views

Stack overflow

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on...

CVSS 2.6 • AI score 5.8 • EPSS 0.04385
Exploits 1 • References 14 • Affected Software 11

Prion • added 2021/05/06 1:15 p.m. • 44 views

Command injection

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

CVSS 9 • AI score 9.3 • EPSS 0.0406
Exploits 1 • References 1 • Affected Software 1

Prion • added 2021/04/27 6:15 a.m. • 44 views

Integer overflow

DISPUTED Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

CVSS 7.5 • AI score 9.4 • EPSS 0.02037
Exploits 0 • References 3 • Affected Software 2

Prion • added 2021/04/23 6:15 p.m. • 44 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

CVSS 7.5 • AI score 9.5 • EPSS 0.99731
Exploits 30 • References 5 • Affected Software 1

Prion • added 2021/04/15 8:15 a.m. • 44 views

Remote code execution

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

CVSS 10 • AI score 9.8 • EPSS 0.94089
Exploits 5 • References 3 • Affected Software 1

Prion • added 2021/04/02 5:15 a.m. • 44 views

Memory corruption

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b...

CVSS 2.1 • AI score 6.1 • EPSS 0.00369
Exploits 0 • References 4 • Affected Software 2

Prion • added 2021/02/25 9:15 a.m. • 44 views

Sql injection

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

CVSS 6.8 • AI score 6 • EPSS 0.03681
Exploits 0 • References 1 • Affected Software 1

Prion • added 2021/01/20 3:15 p.m. • 44 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 6.8 • AI score 4.9 • EPSS 0.0183
Exploits 0 • References 3 • Affected Software 1

Prion • added 2020/11/20 6:15 p.m. • 44 views

Design/Logic Flaw

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height...

CVSS 6.1 • AI score 5.3 • EPSS 0.00511
Exploits 1 • References 7 • Affected Software 2

Prion • added 2020/10/21 3:15 p.m. • 44 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4 • AI score 4.9 • EPSS 0.02621
Exploits 0 • References 9 • Affected Software 3

Prion • added 2020/10/21 3:15 p.m. • 44 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 6.8 • AI score 4.4 • EPSS 0.01871
Exploits 0 • References 3 • Affected Software 1

Prion • added 2020/10/21 3:15 p.m. • 44 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVSS 3.5 • AI score 3.1 • EPSS 0.01588
Exploits 0 • References 6 • Affected Software 3

Prion • added 2020/05/14 4:15 p.m. • 44 views

Design/Logic Flaw

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS 3.3 • AI score 6.2 • EPSS 0.01793
Exploits 0 • References 52 • Affected Software 50

Prion • added 2020/01/07 5:15 p.m. • 44 views

Memory corruption

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation...

CVSS 4.3 • AI score 4.1 • EPSS 0.02664
Exploits 0 • References 3 • Affected Software 2

Prion • added 2019/12/05 12:15 a.m. • 44 views

Authentication flaw

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc and login/login.c and xenocara/app/xenodm/greeter/verify.c...

CVSS 7.5 • AI score 9.4 • EPSS 0.02736
Exploits 2 • References 7 • Affected Software 1

Prion • added 2019/08/13 9:15 p.m. • 44 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

CVSS 7.8 • AI score 7.4 • EPSS 0.27004
Exploits 0 • References 47 • Affected Software 20

Prion • added 2019/04/26 7:29 p.m. • 44 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 7.5 • AI score 9.4 • EPSS 0.99964
Exploits 35 • References 8 • Affected Software 8

Prion • added 2019/02/22 11:29 p.m. • 44 views

Heap overflow

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

CVSS 7.5 • AI score 8.3 • EPSS 0.10059
Exploits 2 • References 13 • Affected Software 4

Prion • added 2019/02/20 4:29 p.m. • 44 views

Design/Logic Flaw

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

CVSS 4.3 • AI score 5.7 • EPSS 0.1686
Exploits 1 • References 27 • Affected Software 16

Prion • added 2018/07/11 12:29 a.m. • 44 views

Security feature bypass

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2...

CVSS 5 • AI score 7.4 • EPSS 0.09832
Exploits 0 • References 3 • Affected Software 3

Prion • added 2018/06/26 4:29 p.m. • 44 views

Input validation

Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...

CVSS 6.8 • AI score 8.1 • EPSS 0.02462
Exploits 0 • References 3 • Affected Software 1

Prion • added 2018/04/29 9:29 p.m. • 44 views

Design/Logic Flaw

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences...

CVSS 5 • AI score 7.9 • EPSS 0.10433
Exploits 0 • References 12 • Affected Software 3

Prion • added 2018/02/23 11:29 p.m. • 44 views

Design/Logic Flaw

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 4 • AI score 6.9 • EPSS 0.14737
Exploits 2 • References 35 • Affected Software 6

Prion • added 2017/11/22 7:29 p.m. • 44 views

Design/Logic Flaw

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...

CVSS 7.2 • AI score 6.5 • EPSS 0.00586
Exploits 0 • References 8 • Affected Software 1

Prion • added 2017/07/11 9:29 p.m. • 44 views

Memory corruption

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

CVSS 7.6 • AI score 7.7 • EPSS 0.66911
Exploits 7 • References 3

Prion • added 2017/04/07 7:59 p.m. • 44 views

Code injection

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents...

CVSS 4.3 • AI score 7 • EPSS 0.01989
Exploits 0 • References 2 • Affected Software 1

Prion • added 2016/09/01 12:59 a.m. • 44 views

Design/Logic Flaw

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

CVSS 5 • AI score 9.2 • EPSS 0.95707
Exploits 7 • References 135 • Affected Software 9

Prion • added 2016/05/16 10:59 a.m. • 44 views

Input validation

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system functio...

CVSS 10 • AI score 8 • EPSS 0.05999
Exploits 2 • References 7 • Affected Software 1

Prion • added 2016/05/16 10:59 a.m. • 44 views

Design/Logic Flaw

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled...

CVSS 7.5 • AI score 8.3 • EPSS 0.46801
Exploits 4 • References 8 • Affected Software 1

Prion • added 2016/02/15 7:59 p.m. • 44 views

Design/Logic Flaw

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

CVSS 7.5 • AI score 7.7 • EPSS 0.08625
Exploits 0 • References 11 • Affected Software 5

Prion • added 2015/11/05 5:59 a.m. • 44 views

Design/Logic Flaw

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to caus...

CVSS 7.5 • AI score 8.6 • EPSS 0.07507
Exploits 0 • References 34 • Affected Software 3

Prion • added 2015/03/30 10:59 a.m. • 44 views

Design/Logic Flaw

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of...

CVSS 7.5 • AI score 7.9 • EPSS 0.14771
Exploits 1 • References 24 • Affected Software 11

Prion • added 2014/01/21 6:55 p.m. • 44 views

Xxe

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS 6.8 • AI score 7.2 • EPSS 0.19433
Exploits 1 • References 24 • Affected Software 7

Prion • added 2013/04/09 8:55 p.m. • 44 views

Type confusion

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type...

CVSS 7.5 • AI score 7.7 • EPSS 0.99449
Exploits 22 • References 6 • Affected Software 1

Prion • added 2013/02/08 7:55 p.m. • 44 views

Design/Logic Flaw

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of...

CVSS 4 • AI score 6.8 • EPSS 0.35584
Exploits 1 • References 5 • Affected Software 1

Prion • added 2012/06/21 11:55 p.m. • 44 views

Design/Logic Flaw

The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability ...

CVSS 2.1 • AI score 6.1 • EPSS 0.00353
Exploits 1 • References 7 • Affected Software 1

Prion • added 2012/05/11 10:15 a.m. • 45 views

Design/Logic Flaw

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options i...

CVSS 7.5 • AI score 8 • EPSS 0.99998
Exploits 42 • References 17 • Affected Software 1

Prion • added 2012/01/19 7:55 p.m. • 44 views

Integer overflow

Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors...

CVSS 9.3 • AI score 8.3 • EPSS 0.04074
Exploits 1 • References 2 • Affected Software 2

Prion • added 2011/07/21 11:55 p.m. • 44 views

Code injection

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object...

CVSS 6 • AI score 6.8 • EPSS 0.00421
Exploits 0 • References 8 • Affected Software 2

Prion • added 2010/12/06 9:5 p.m. • 44 views

Design/Logic Flaw

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

CVSS 7.5 • AI score 6.7 • EPSS 0.08076
Exploits 1 • References 16 • Affected Software 1

Prion • added 2010/01/04 9:30 p.m. • 44 views

Design/Logic Flaw

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows...

CVSS 7.5 • AI score 9.1 • EPSS 0.05741
Exploits 5 • References 20 • Affected Software 1

Prion • added 2008/04/04 12:44 a.m. • 44 views

Integer overflow

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888...

CVSS 6.8 • AI score 7.6 • EPSS 0.09334
Exploits 0 • References 8 • Affected Software 1

Prion • added 2007/10/05 9:17 p.m. • 44 views

Heap overflow

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives...

CVSS 9.3 • AI score 8.2 • EPSS 0.05957
Exploits 1 • References 6 • Affected Software 12

Prion • added 2006/04/20 10:2 p.m. • 44 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...

CVSS 2.6 • AI score 5.8 • EPSS 0.04827
Exploits 0 • References 4 • Affected Software 1

Prion • added 2024/03/15 12:17 a.m. • 43 views

Authorization

A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...

AI score 7.2 • EPSS 0.00745
Exploits 1 • References 2

Prion • added 2024/03/14 11:51 p.m. • 43 views

Sql injection

SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...

AI score 8.1 • EPSS 0.00952
Exploits 1 • References 2

Prion • added 2024/03/06 5:15 p.m. • 43 views

Crlf injection

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 5.8 • AI score 8.6 • EPSS 0.29906
Exploits 0 • References 1

Prion • added 2024/02/29 1:44 a.m. • 43 views

Double free

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc...

AI score 8.3 • EPSS 0.01836
Exploits 1 • References 1

Prion • added 2024/02/26 4:27 p.m. • 43 views

Cross site request forgery (csrf)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

CVSS 6.5 • AI score 7.3 • EPSS 0.00813
Exploits 1 • References 2

Total number of security vulnerabilities: 5000