Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2016/07/19 2:0 a.m.•43 views

Design/Logic Flaw

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

6.8CVSS8.9AI score0.55724EPSS
Exploits0References54Affected Software20
Prion
Prion
•added 2016/05/16 10:59 a.m.•43 views

Integer overflow

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...

7.5CVSS8.3AI score0.20837EPSS
Exploits2References13Affected Software9
Prion
Prion
•added 2016/03/02 11:59 a.m.•43 views

Sql injection

The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

4.3CVSS6AI score0.82112EPSS
Exploits2References31Affected Software1
Prion
Prion
•added 2015/09/09 12:59 a.m.•43 views

Design/Logic Flaw

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE...

9.3CVSS7.6AI score0.19155EPSS
Exploits0References2Affected Software4
Prion
Prion
•added 2014/11/16 12:59 a.m.•43 views

Design/Logic Flaw

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

5CVSS6.9AI score0.02372EPSS
Exploits0References6Affected Software10
Prion
Prion
•added 2014/10/15 3:55 p.m.•43 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...

4CVSS6.1AI score0.03422EPSS
Exploits0References47Affected Software3
Prion
Prion
•added 2014/02/12 4:50 a.m.•43 views

Cross site request forgery (csrf)

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or 2 clos...

5CVSS7.1AI score0.38697EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2013/11/23 11:55 a.m.•43 views

Code injection

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors...

7.2CVSS6.6AI score0.00623EPSS
Exploits5References10Affected Software3
Prion
Prion
•added 2013/06/18 10:55 p.m.•43 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...

10CVSS6.2AI score0.98704EPSS
Exploits22References26Affected Software2
Prion
Prion
•added 2011/11/09 11:55 a.m.•43 views

Design/Logic Flaw

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site...

9.3CVSS7.2AI score0.01868EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2010/05/21 5:30 p.m.•43 views

Command injection

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247...

3.6CVSS6.2AI score0.01768EPSS
Exploits3References12Affected Software1
Prion
Prion
•added 2010/01/20 4:30 p.m.•43 views

Design/Logic Flaw

Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...

10CVSS6.6AI score0.03573EPSS
Exploits3References2Affected Software1
Prion
Prion
•added 2009/09/17 10:30 a.m.•43 views

Stack overflow

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by...

7.5CVSS7.7AI score0.0404EPSS
Exploits0References17Affected Software1
Prion
Prion
•added 2007/10/05 9:17 p.m.•43 views

Heap overflow

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives...

9.3CVSS8.2AI score0.05957EPSS
Exploits1References6Affected Software12
Prion
Prion
•added 2024/03/14 10:53 p.m.•42 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

6.4AI score0.00521EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2024/03/11 6:15 p.m.•42 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

7.2AI score0.0095EPSS
Exploits0References4
Prion
Prion
•added 2024/03/02 10:15 p.m.•42 views

Memory corruption

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc'ed for: sizeofstruct iwlnvmdata + sizeofstruct ieee80211channel + sizeofstruct ieee80211rate 'mvm-nvmdata' is a 'struct iwlnvmdata', so it is...

7.5AI score0.00237EPSS
Exploits0References4
Prion
Prion
•added 2024/02/29 3:15 a.m.•42 views

Information disclosure

IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

5.4AI score0.00449EPSS
Exploits0References2
Prion
Prion
•added 2024/01/28 4:15 a.m.•42 views

Code injection

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

7.5CVSS8.2AI score0.01456EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/11/22 4:15 p.m.•42 views

Sql injection

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

7.5CVSS6.5AI score0.00903EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2023/10/23 7:15 a.m.•42 views

Design/Logic Flaw

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

2.6CVSS7.3AI score0.99999EPSS
Exploits20References3Affected Software2
Prion
Prion
•added 2023/10/10 6:15 p.m.•42 views

Privilege escalation

Skype for Business Elevation of Privilege Vulnerability...

5CVSS5.6AI score0.90353EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/08 9:15 p.m.•42 views

Design/Logic Flaw

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268...

5CVSS7.3AI score0.00762EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/09/06 2:15 p.m.•42 views

Design/Logic Flaw

A use-after-free vulnerability in the Linux kernel's afunix component can be exploited to achieve local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unixstreamsendpage could...

3.5CVSS6.8AI score0.00549EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2023/07/28 5:15 a.m.•42 views

Cross site scripting

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges...

7.5CVSS8.3AI score0.00948EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2023/07/13 10:15 a.m.•42 views

Design/Logic Flaw

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

5.8CVSS6AI score0.00559EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/07/11 6:15 p.m.•42 views

Security feature bypass

Microsoft SharePoint Server Security Feature Bypass Vulnerability...

5CVSS7.5AI score0.01011EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/06/01 5:15 p.m.•42 views

Heap overflow

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers to cause a DoS ...

1.9CVSS5.7AI score0.01473EPSS
Exploits1References2Affected Software2
Prion
Prion
•added 2023/05/30 2:15 p.m.•42 views

Authentication flaw

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

4.3CVSS6.8AI score0.73461EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2023/05/26 6:15 p.m.•42 views

Authentication flaw

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

6.4CVSS6.9AI score0.01061EPSS
Exploits2References7Affected Software3
Prion
Prion
•added 2023/05/10 9:15 a.m.•42 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Muffingroup Betheme theme = 26.7.5 versions...

5.8CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/04/24 9:15 p.m.•42 views

Cross site scripting

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

4.9CVSS6.7AI score0.01972EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2023/04/18 9:15 p.m.•42 views

Design/Logic Flaw

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...

5CVSS5.2AI score0.0326EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2023/03/23 8:15 p.m.•42 views

Deserialization of untrusted data

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

7.5CVSS9.5AI score0.17937EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/03/10 10:15 p.m.•42 views

Design/Logic Flaw

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...

5CVSS7.5AI score0.7761EPSS
Exploits4References1Affected Software1
Prion
Prion
•added 2023/02/28 8:15 p.m.•42 views

Remote code execution

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

7.5CVSS9.5AI score0.99637EPSS
Exploits23References6Affected Software2
Prion
Prion
•added 2023/01/11 10:15 p.m.•42 views

Buffer overflow

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

6.5CVSS9.8AI score0.00853EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/11/01 6:15 p.m.•42 views

Stack overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

5CVSS7.9AI score0.89804EPSS
Exploits6References40Affected Software3
Prion
Prion
•added 2022/10/13 1:15 p.m.•42 views

Design/Logic Flaw

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

7.5CVSS9.9AI score0.99931EPSS
Exploits41References9Affected Software2
Prion
Prion
•added 2022/09/26 2:15 a.m.•42 views

Design/Logic Flaw

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

7.5CVSS8.7AI score0.95478EPSS
Exploits7References5Affected Software1
Prion
Prion
•added 2022/08/24 4:15 p.m.•42 views

Authorization

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6...

5.1CVSS9.5AI score0.99999EPSS
Exploits353References7Affected Software1
Prion
Prion
•added 2022/08/23 1:15 a.m.•42 views

Open redirect

DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page stat...

4.3CVSS7.1AI score0.0199EPSS
Exploits0References18Affected Software2
Prion
Prion
•added 2022/07/19 10:15 p.m.•42 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...

2.6CVSS5.8AI score0.02062EPSS
Exploits0References11Affected Software7
Prion
Prion
•added 2022/07/18 7:15 a.m.•42 views

Command injection

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to...

6.5CVSS8.8AI score0.92984EPSS
Exploits12References3Affected Software1
Prion
Prion
•added 2022/07/16 7:15 a.m.•42 views

Authorization

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged...

5CVSS7.4AI score0.01393EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/07/14 8:15 p.m.•42 views

Input validation

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

5CVSS7.5AI score0.01562EPSS
Exploits2References3Affected Software1
Prion
Prion
•added 2022/07/07 9:15 p.m.•42 views

Unrestricted file upload

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317...

7.5CVSS9.3AI score0.83476EPSS
Exploits10References5Affected Software1
Prion
Prion
•added 2022/07/07 1:15 p.m.•42 views

Privilege escalation

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel...

6.5CVSS7AI score0.32233EPSS
Exploits4References4Affected Software1
Prion
Prion
•added 2022/07/05 4:15 p.m.•42 views

Sql injection

SQL Injection vulnerability in admin interface /vicidial/admin.php of VICIdial via modifyemailaccounts, accessrecordings, and agentcallemail parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make i...

8.5CVSS8.7AI score0.03196EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/06/09 5:15 p.m.•42 views

Design/Logic Flaw

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

5CVSS8.5AI score0.19008EPSS
Exploits1References6Affected Software2
Total number of security vulnerabilities5000