Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2020/10/21 3:15 p.m.•43 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

6.8CVSS5.1AI score0.0178EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/09/14 5:15 p.m.•43 views

Remote code execution

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

7.5CVSS9.5AI score0.97399EPSS
Exploits15References9Affected Software5
Prion
Prion
•added 2020/09/11 5:15 p.m.•43 views

Security feature bypass

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

7.2CVSS7.9AI score0.07037EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2020/08/19 1:15 p.m.•43 views

Code injection

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...

3.6CVSS6.4AI score0.00361EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2020/07/15 6:15 p.m.•43 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.02237EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2020/07/14 11:15 p.m.•43 views

Remote code execution

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407...

9.3CVSS7.9AI score0.2383EPSS
Exploits0References2Affected Software5
Prion
Prion
•added 2020/07/14 1:15 p.m.•43 views

Authentication flaw

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

10CVSS10AI score0.94719EPSS
Exploits6References5Affected Software1
Prion
Prion
•added 2020/06/23 10:15 p.m.•43 views

Authentication flaw

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.3CVSS9.5AI score0.29157EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2020/06/09 8:15 p.m.•43 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266,...

4.6CVSS7.5AI score0.15932EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/02/27 9:15 p.m.•43 views

Information disclosure

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

6.4CVSS8.6AI score0.03976EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2020/02/24 10:15 p.m.•43 views

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS7.1AI score0.09386EPSS
Exploits0References19Affected Software19
Prion
Prion
•added 2019/12/27 2:15 p.m.•43 views

Directory traversal

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...

7.5CVSS9.5AI score0.99999EPSS
Exploits48References10Affected Software3
Prion
Prion
•added 2019/11/25 5:15 p.m.•43 views

Heap overflow

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

5CVSS8.5AI score0.02942EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2019/10/01 3:15 p.m.•43 views

Deserialization of untrusted data

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

7.5CVSS8.8AI score0.49727EPSS
Exploits10References9Affected Software1
Prion
Prion
•added 2019/07/10 2:15 p.m.•43 views

Design/Logic Flaw

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

7.5CVSS9.7AI score0.04047EPSS
Exploits0References8Affected Software5
Prion
Prion
•added 2019/05/08 5:29 p.m.•43 views

Arbitrary file deletion

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...

7.5CVSS9.5AI score0.99999EPSS
Exploits22References11Affected Software1
Prion
Prion
•added 2019/02/22 11:29 p.m.•43 views

Design/Logic Flaw

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

5CVSS8.1AI score0.0712EPSS
Exploits1References12Affected Software4
Prion
Prion
•added 2019/01/16 7:30 p.m.•43 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: PS. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6AI score0.02887EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2018/10/17 1:31 a.m.•43 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Logging. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

3.5CVSS5AI score0.02453EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2018/06/17 8:29 p.m.•43 views

Race condition

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

4.4CVSS6.9AI score0.00276EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2018/05/24 1:29 p.m.•43 views

Design/Logic Flaw

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

4.9CVSS6.7AI score0.01221EPSS
Exploits0References15Affected Software10
Prion
Prion
•added 2017/09/19 1:29 p.m.•43 views

Design/Logic Flaw

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

5CVSS7.5AI score0.708EPSS
Exploits4References14Affected Software1
Prion
Prion
•added 2017/07/27 9:29 p.m.•43 views

Code injection

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

5CVSS6.7AI score0.49024EPSS
Exploits4References27Affected Software1
Prion
Prion
•added 2017/05/12 2:29 p.m.•43 views

Remote code execution

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint...

9.3CVSS7.9AI score0.80734EPSS
Exploits1References2Affected Software8
Prion
Prion
•added 2016/12/30 7:59 p.m.•43 views

Command injection

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...

7.5CVSS9.7AI score0.99714EPSS
Exploits59References21Affected Software3
Prion
Prion
•added 2016/07/19 2:0 a.m.•43 views

Design/Logic Flaw

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

6.8CVSS8.9AI score0.55724EPSS
Exploits0References54Affected Software20
Prion
Prion
•added 2016/05/16 10:59 a.m.•43 views

Integer overflow

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...

7.5CVSS8.3AI score0.20837EPSS
Exploits2References13Affected Software9
Prion
Prion
•added 2016/03/02 11:59 a.m.•43 views

Sql injection

The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

4.3CVSS6AI score0.82112EPSS
Exploits2References31Affected Software1
Prion
Prion
•added 2014/12/01 3:59 p.m.•43 views

Directory traversal

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. dot dot in a resource URI...

5CVSS7AI score0.25082EPSS
Exploits6References5Affected Software1
Prion
Prion
•added 2014/11/16 12:59 a.m.•43 views

Design/Logic Flaw

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

5CVSS6.9AI score0.02372EPSS
Exploits0References6Affected Software10
Prion
Prion
•added 2014/10/15 3:55 p.m.•43 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...

4CVSS6.1AI score0.03422EPSS
Exploits0References47Affected Software3
Prion
Prion
•added 2014/09/25 1:55 a.m.•43 views

Design/Logic Flaw

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10CVSS7.7AI score0.99999EPSS
Exploits140References160Affected Software1
Prion
Prion
•added 2014/02/12 4:50 a.m.•43 views

Cross site request forgery (csrf)

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or 2 clos...

5CVSS7.1AI score0.38697EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2013/11/23 11:55 a.m.•43 views

Code injection

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...

7.2CVSS6.6AI score0.00623EPSS
Exploits5References10Affected Software3
Prion
Prion
•added 2013/06/18 10:55 p.m.•43 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...

10CVSS6.2AI score0.98704EPSS
Exploits22References26Affected Software2
Prion
Prion
•added 2011/11/09 11:55 a.m.•43 views

Design/Logic Flaw

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site...

9.3CVSS7.2AI score0.01868EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2010/05/21 5:30 p.m.•43 views

Command injection

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247...

3.6CVSS6.2AI score0.01768EPSS
Exploits3References12Affected Software1
Prion
Prion
•added 2010/01/20 4:30 p.m.•43 views

Design/Logic Flaw

Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...

10CVSS6.6AI score0.03573EPSS
Exploits3References2Affected Software1
Prion
Prion
•added 2009/09/17 10:30 a.m.•43 views

Stack overflow

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by...

7.5CVSS7.7AI score0.0404EPSS
Exploits0References17Affected Software1
Prion
Prion
•added 2008/12/12 6:30 p.m.•43 views

Design/Logic Flaw

CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, a...

9.3CVSS6.2AI score0.75946EPSS
Exploits7References4
Prion
Prion
•added 2006/05/09 10:2 a.m.•43 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkprootpath parameter...

6.4CVSS8.1AI score0.07305EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2024/03/14 10:53 p.m.•42 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

6.4AI score0.00521EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/03/11 6:15 p.m.•42 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

7.2AI score0.0095EPSS
Exploits0References4
Prion
Prion
•added 2024/03/02 10:15 p.m.•42 views

Memory corruption

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc'ed for: sizeofstruct iwlnvmdata + sizeofstruct ieee80211channel + sizeofstruct ieee80211rate 'mvm-nvmdata' is a 'struct iwlnvmdata', so it is...

7.5AI score0.00237EPSS
Exploits0References4
Prion
Prion
•added 2024/02/29 3:15 a.m.•42 views

Information disclosure

IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

5.4AI score0.00449EPSS
Exploits0References2
Prion
Prion
•added 2024/01/28 4:15 a.m.•42 views

Code injection

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

7.5CVSS8.2AI score0.01456EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/01/08 7:15 p.m.•42 views

Remote code execution

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution...

6.5CVSS7.5AI score0.0137EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2023/11/22 4:15 p.m.•42 views

Sql injection

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

7.5CVSS6.5AI score0.00903EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2023/10/23 7:15 a.m.•42 views

Design/Logic Flaw

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

2.6CVSS7.3AI score0.99999EPSS
Exploits20References3Affected Software2
Prion
Prion
•added 2023/10/11 10:15 p.m.•42 views

Design/Logic Flaw

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

5CVSS7.5AI score0.03796EPSS
Exploits0References39Affected Software3
Total number of security vulnerabilities5000