Prion, most viewed

213680 matches found

Prion
•added 2021/02/24 5:15 p.m.•43 views

Remote code execution

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

CVSS: 10, AI score: 9.8, EPSS: 0.9957
Exploits: 47, References: 4, Affected Software: 2
Prion
•added 2020/11/20 6:15 p.m.•43 views

Design/Logic Flaw

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00511
Exploits: 1, References: 7, Affected Software: 2
Prion
•added 2020/10/21 3:15 p.m.•43 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVSS: 3.5, AI score: 3.1, EPSS: 0.01588
Exploits: 0, References: 6, Affected Software: 3
Prion
•added 2020/10/21 3:15 p.m.•43 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS: 4, AI score: 4.9, EPSS: 0.02621
Exploits: 0, References: 9, Affected Software: 3
Prion
•added 2020/10/21 3:15 p.m.•43 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS: 6.8, AI score: 4.4, EPSS: 0.01871
Exploits: 0, References: 3, Affected Software: 1
Prion
•added 2020/09/14 5:15 p.m.•43 views

Remote code execution

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

CVSS: 7.5, AI score: 9.5, EPSS: 0.97399
Exploits: 15, References: 9, Affected Software: 5
Prion
•added 2020/09/11 5:15 p.m.•43 views

Security feature bypass

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

CVSS: 7.2, AI score: 7.9, EPSS: 0.07037
Exploits: 0, References: 1, Affected Software: 3
Prion
•added 2020/05/14 4:15 p.m.•43 views

Design/Logic Flaw

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS: 3.3, AI score: 6.2, EPSS: 0.01793
Exploits: 0, References: 52, Affected Software: 50
Prion
•added 2020/02/24 10:15 p.m.•43 views

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

CVSS: 5.8, AI score: 7.1, EPSS: 0.09386
Exploits: 0, References: 19, Affected Software: 19
Prion
•added 2020/01/07 5:15 p.m.•43 views

Memory corruption

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation...

CVSS: 4.3, AI score: 4.1, EPSS: 0.02664
Exploits: 0, References: 3, Affected Software: 2
Prion
•added 2019/10/11 7:15 p.m.•43 views

Design/Logic Flaw

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network...

CVSS: 4.6, AI score: 6.9, EPSS: 0.72105
Exploits: 27, References: 11
Prion
•added 2019/10/01 3:15 p.m.•43 views

Deserialization of untrusted data

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS: 7.5, AI score: 8.8, EPSS: 0.49727
Exploits: 10, References: 9, Affected Software: 1
Prion
•added 2019/07/10 2:15 p.m.•43 views

Design/Logic Flaw

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS: 7.5, AI score: 9.7, EPSS: 0.04047
Exploits: 0, References: 8, Affected Software: 5
Prion
•added 2019/04/26 7:29 p.m.•43 views

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS: 7.5, AI score: 9.4, EPSS: 0.99964
Exploits: 35, References: 8, Affected Software: 8
Prion
•added 2019/02/22 11:29 p.m.•43 views

Heap overflow

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

CVSS: 7.5, AI score: 8.3, EPSS: 0.10059
Exploits: 2, References: 13, Affected Software: 4
Prion
•added 2019/02/22 11:29 p.m.•43 views

Design/Logic Flaw

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

CVSS: 5, AI score: 8.1, EPSS: 0.0712
Exploits: 1, References: 12, Affected Software: 4
Prion
•added 2018/06/26 4:29 p.m.•43 views

Input validation

Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...

CVSS: 6.8, AI score: 8.1, EPSS: 0.02462
Exploits: 0, References: 3, Affected Software: 1
Prion
•added 2018/06/17 8:29 p.m.•43 views

Race condition

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

CVSS: 4.4, AI score: 6.9, EPSS: 0.00276
Exploits: 0, References: 4, Affected Software: 2
Prion
•added 2018/05/24 1:29 p.m.•43 views

Design/Logic Flaw

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

CVSS: 4.9, AI score: 6.7, EPSS: 0.01221
Exploits: 0, References: 15, Affected Software: 10
Prion
•added 2018/04/29 9:29 p.m.•43 views

Design/Logic Flaw

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences...

CVSS: 5, AI score: 7.9, EPSS: 0.10564
Exploits: 0, References: 12, Affected Software: 3
Prion
•added 2018/02/23 11:29 p.m.•43 views

Design/Logic Flaw

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS: 4, AI score: 6.9, EPSS: 0.14737
Exploits: 2, References: 35, Affected Software: 6
Prion
•added 2017/09/19 1:29 p.m.•43 views

Design/Logic Flaw

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVSS: 5, AI score: 7.5, EPSS: 0.708
Exploits: 4, References: 14, Affected Software: 1
Prion
•added 2017/07/27 9:29 p.m.•43 views

Code injection

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

CVSS: 5, AI score: 6.7, EPSS: 0.49024
Exploits: 4, References: 27, Affected Software: 1
Prion
•added 2017/07/11 9:29 p.m.•43 views

Memory corruption

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

CVSS: 7.6, AI score: 7.7, EPSS: 0.66911
Exploits: 7, References: 3
Prion
•added 2017/05/12 2:29 p.m.•43 views

Remote code execution

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint...

CVSS: 9.3, AI score: 7.9, EPSS: 0.80734
Exploits: 1, References: 2, Affected Software: 8
Prion
•added 2016/12/30 7:59 p.m.•43 views

Command injection

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...

CVSS: 7.5, AI score: 9.7, EPSS: 0.99714
Exploits: 59, References: 21, Affected Software: 3
Prion
•added 2016/07/19 2:0 a.m.•43 views

Design/Logic Flaw

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

CVSS: 6.8, AI score: 8.9, EPSS: 0.55724
Exploits: 0, References: 54, Affected Software: 20
Prion
•added 2016/03/02 11:59 a.m.•43 views

Sql injection

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

CVSS: 4.3, AI score: 6, EPSS: 0.82112
Exploits: 2, References: 31, Affected Software: 1
Prion
•added 2015/11/05 5:59 a.m.•43 views

Design/Logic Flaw

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to caus...

CVSS: 7.5, AI score: 8.6, EPSS: 0.07507
Exploits: 0, References: 34, Affected Software: 3
Prion
•added 2015/09/09 12:59 a.m.•43 views

Design/Logic Flaw

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE...

CVSS: 9.3, AI score: 7.6, EPSS: 0.19155
Exploits: 0, References: 2, Affected Software: 4
Prion
•added 2015/03/30 10:59 a.m.•43 views

Design/Logic Flaw

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of...

CVSS: 7.5, AI score: 7.9, EPSS: 0.14771
Exploits: 1, References: 24, Affected Software: 11
Prion
•added 2014/11/16 12:59 a.m.•43 views

Design/Logic Flaw

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

CVSS: 5, AI score: 6.9, EPSS: 0.02372
Exploits: 0, References: 6, Affected Software: 10
Prion
•added 2014/10/15 3:55 p.m.•43 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...

CVSS: 4, AI score: 6.1, EPSS: 0.03422
Exploits: 0, References: 47, Affected Software: 3
Prion
•added 2014/02/12 4:50 a.m.•43 views

Cross site request forgery (csrf)

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) clos...

CVSS: 5, AI score: 7.1, EPSS: 0.38697
Exploits: 1, References: 5, Affected Software: 1
Prion
•added 2014/01/21 6:55 p.m.•43 views

Xxe

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS: 6.8, AI score: 7.2, EPSS: 0.19433
Exploits: 1, References: 24, Affected Software: 7
Prion
•added 2013/11/23 11:55 a.m.•43 views

Code injection

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...

CVSS: 7.2, AI score: 6.6, EPSS: 0.00623
Exploits: 5, References: 10, Affected Software: 3
Prion
•added 2012/06/21 11:55 p.m.•43 views

Design/Logic Flaw

The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability ...

CVSS: 2.1, AI score: 6.1, EPSS: 0.00353
Exploits: 1, References: 7, Affected Software: 1
Prion
•added 2011/11/09 11:55 a.m.•43 views

Design/Logic Flaw

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site...

CVSS: 9.3, AI score: 7.2, EPSS: 0.01868
Exploits: 1, References: 5, Affected Software: 2
Prion
•added 2010/12/06 9:5 p.m.•43 views

Design/Logic Flaw

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

CVSS: 7.5, AI score: 6.7, EPSS: 0.08076
Exploits: 1, References: 16, Affected Software: 1
Prion
•added 2010/05/21 5:30 p.m.•43 views

Command injection

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247...

CVSS: 3.6, AI score: 6.2, EPSS: 0.01768
Exploits: 3, References: 12, Affected Software: 1
Prion
•added 2009/09/17 10:30 a.m.•43 views

Stack overflow

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by...

CVSS: 7.5, AI score: 7.7, EPSS: 0.0404
Exploits: 0, References: 17, Affected Software: 1
Prion
•added 2007/10/05 9:17 p.m.•43 views

Heap overflow

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives...

CVSS: 9.3, AI score: 8.2, EPSS: 0.05957
Exploits: 1, References: 6, Affected Software: 12
Prion
•added 2006/04/20 10:2 p.m.•43 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...

CVSS: 2.6, AI score: 5.8, EPSS: 0.04827
Exploits: 0, References: 4, Affected Software: 1
Prion
•added 2024/03/14 10:53 p.m.•42 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, when the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

AI score: 6.4, EPSS: 0.00521
Exploits: 0, References: 2, Affected Software: 1
Prion
•added 2024/03/11 6:15 p.m.•42 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix. The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

AI score: 7.2, EPSS: 0.0095
Exploits: 0, References: 4
Prion
•added 2024/02/29 3:15 a.m.•42 views

Information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

AI score: 5.4, EPSS: 0.00449
Exploits: 0, References: 2
Prion
•added 2024/01/28 4:15 a.m.•42 views

Code injection

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

CVSS: 7.5, AI score: 8.2, EPSS: 0.01456
Exploits: 0, References: 2, Affected Software: 1
Prion
•added 2023/12/14 5:15 a.m.•42 views

Improper access control

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modify their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7...

CVSS: 6.4, AI score: 6.8, EPSS: 0.00756
Exploits: 0, References: 4, Affected Software: 1
Prion
•added 2023/10/23 7:15 a.m.•42 views

Cross site scripting

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57...

CVSS: 5, AI score: 7.3, EPSS: 0.02978
Exploits: 0, References: 4, Affected Software: 2
Prion
•added 2023/10/23 7:15 a.m.•42 views

Design/Logic Flaw

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 2.6, AI score: 7.3, EPSS: 0.99999
Exploits: 20, References: 3, Affected Software: 2
Total number of security vulnerabilities: 5000