Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2010/12/29 6:0 p.m.•41 views

Design/Logic Flaw

The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

2.1CVSS5.9AI score0.00496EPSS
Exploits2References11Affected Software1
Prion
Prion
•added 2010/07/22 5:43 a.m.•41 views

Code injection

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted 1 .LNK or 2 .PIF shortcut file, which is not properly handled during icon display in Windows Explorer...

9.3CVSS7.3AI score0.91324EPSS
Exploits15References14Affected Software3
Prion
Prion
•added 2010/05/21 5:30 p.m.•41 views

Command injection

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247...

3.6CVSS6.2AI score0.01768EPSS
Exploits3References12Affected Software1
Prion
Prion
•added 2010/04/01 10:30 p.m.•41 views

Privilege escalation

The memory-management implementation in the Virtual Machine Monitor aka VMM or hypervisor in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allo...

9.3CVSS8.2AI score0.28163EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2008/12/12 6:30 p.m.•41 views

Design/Logic Flaw

CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header aka "EXE info" at the beginning, and modifying the filename to have 1 no extension, 2 a .txt extension, or 3 a .jpg extension, a...

9.3CVSS6.2AI score0.75946EPSS
Exploits7References4
Prion
Prion
•added 2008/08/04 1:41 a.m.•41 views

Cross site scripting

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

4.3CVSS5.6AI score0.75865EPSS
Exploits2References64Affected Software1
Prion
Prion
•added 2007/01/19 1:28 a.m.•41 views

Sql injection

SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS9AI score0.01989EPSS
Exploits1References8Affected Software1
Prion
Prion
•added 2006/03/03 11:2 a.m.•41 views

Default configuration

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service traffic amplification via DNS queries with...

5CVSS6.8AI score0.5726EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2024/03/15 12:17 a.m.•40 views

Cross site scripting

A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

6.1AI score0.00574EPSS
Exploits1References2
Prion
Prion
•added 2024/03/14 10:53 p.m.•40 views

Input validation

Grav is a content management system CMS. Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...

7.9AI score0.01357EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2024/03/14 10:51 p.m.•40 views

Default credentials

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

7.3AI score0.00615EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2024/03/06 5:15 p.m.•40 views

Cross site scripting

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs...

5.4AI score0.01129EPSS
Exploits0References1
Prion
Prion
•added 2024/03/06 5:15 p.m.•40 views

Cross site scripting

Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4AI score0.00681EPSS
Exploits0References1
Prion
Prion
•added 2024/03/05 3:15 a.m.•40 views

Design/Logic Flaw

Missing release of resource after effective lifetime CWE-772 in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...

2.1CVSS6.2AI score0.00173EPSS
Exploits0References1
Prion
Prion
•added 2024/02/29 1:42 a.m.•40 views

Cross site scripting

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

5.8CVSS6.6AI score0.00499EPSS
Exploits0References2
Prion
Prion
•added 2024/02/21 5:15 p.m.•40 views

Null pointer dereference

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...

5CVSS7.2AI score0.00831EPSS
Exploits0References3
Prion
Prion
•added 2024/02/15 2:15 p.m.•40 views

Command injection

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user...

5.8CVSS8AI score0.03687EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2024/02/13 2:15 p.m.•40 views

Design/Logic Flaw

A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through...

5CVSS6.9AI score0.01231EPSS
Exploits0References6
Prion
Prion
•added 2024/02/06 1:15 a.m.•40 views

Code injection

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

4.3CVSS7.1AI score0.00274EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2024/01/16 10:15 p.m.•40 views

Cross site scripting

Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...

4.9CVSS5.6AI score0.00745EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/12/04 10:15 p.m.•40 views

Sql injection

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

5CVSS7.9AI score0.73708EPSS
Exploits11References2Affected Software1
Prion
Prion
•added 2023/11/16 6:15 p.m.•40 views

Null pointer dereference

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

1CVSS6.8AI score0.00249EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/10/27 7:15 p.m.•40 views

Denial of service

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA Virtual Server...

5CVSS7.5AI score0.00878EPSS
Exploits0References1
Prion
Prion
•added 2023/10/19 7:15 p.m.•40 views

Sql injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

4CVSS6.6AI score0.01872EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/16 1:15 a.m.•40 views

Cross site scripting

A cross-site scripting XSS vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL...

6CVSS7.8AI score0.00725EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/09/08 10:15 p.m.•40 views

Cross site scripting

IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571...

4.9CVSS5.5AI score0.00365EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/06 9:15 p.m.•40 views

Design/Logic Flaw

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

4.6CVSS8.2AI score0.0049EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/06 5:15 p.m.•40 views

Design/Logic Flaw

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only...

5CVSS5.5AI score0.0041EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/09/04 3:15 a.m.•40 views

Out-of-bounds

In imgsyscmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381...

3.8CVSS6.7AI score0.00094EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/08/11 3:15 a.m.•40 views

Information disclosure

Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

1.7CVSS6.7AI score0.03882EPSS
Exploits1References14Affected Software3
Prion
Prion
•added 2023/08/10 2:15 p.m.•40 views

Design/Logic Flaw

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...

1.9CVSS5.4AI score0.0213EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2023/08/08 6:15 p.m.•40 views

Information disclosure

Microsoft SharePoint Server Information Disclosure Vulnerability...

4CVSS6.3AI score0.02153EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/07/11 6:15 p.m.•40 views

Remote code execution

Microsoft SharePoint Server Remote Code Execution Vulnerability...

6.5CVSS8.7AI score0.05155EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/05/08 9:15 p.m.•40 views

Cross site scripting

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...

4CVSS6.4AI score0.01327EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2023/04/18 9:15 p.m.•40 views

Design/Logic Flaw

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...

5CVSS5.3AI score0.013EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2023/04/13 11:15 p.m.•40 views

Privilege escalation

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate...

4.3CVSS7.7AI score0.01051EPSS
Exploits4References2Affected Software2
Prion
Prion
•added 2023/03/28 3:15 p.m.•40 views

Default configuration

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5CVSS6.4AI score0.01583EPSS
Exploits0References9Affected Software1
Prion
Prion
•added 2023/02/23 8:15 p.m.•40 views

Design/Logic Flaw

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

4.3CVSS7.4AI score0.01703EPSS
Exploits1References6Affected Software3
Prion
Prion
•added 2023/01/04 10:15 p.m.•40 views

Input validation

Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with...

5CVSS7.5AI score0.04923EPSS
Exploits1References6Affected Software1
Prion
Prion
•added 2022/12/22 8:15 p.m.•40 views

Design/Logic Flaw

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...

4.3CVSS5.2AI score0.00655EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2022/12/20 7:15 p.m.•40 views

Design/Logic Flaw

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects...

7.5CVSS9.3AI score0.01026EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2022/12/02 1:15 p.m.•40 views

Privilege escalation

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally...

2.1CVSS4.2AI score0.00514EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/10/29 2:15 a.m.•40 views

Design/Logic Flaw

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...

5CVSS8.2AI score0.01644EPSS
Exploits0References11Affected Software3
Prion
Prion
•added 2022/10/19 11:15 a.m.•40 views

Authentication flaw

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / startapply.htm, an attacker can change the administrator password without any authentication...

5CVSS7.7AI score0.00927EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/10/18 2:15 p.m.•40 views

Authentication flaw

An authentication bypass using an alternate path or channel CWE-288 in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform...

7.5CVSS9.7AI score0.99984EPSS
Exploits25References3Affected Software3
Prion
Prion
•added 2022/08/09 8:15 p.m.•40 views

Spoofing

.NET Spoofing Vulnerability...

2.6CVSS5.8AI score0.0192EPSS
Exploits0References1Affected Software3
Prion
Prion
•added 2022/07/11 1:15 a.m.•40 views

Path traversal

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

6.4CVSS9.3AI score0.01118EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/07/07 9:15 p.m.•40 views

Design/Logic Flaw

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario...

4CVSS5.2AI score0.00938EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2022/06/02 2:15 p.m.•40 views

Design/Logic Flaw

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...

3.5CVSS6.7AI score0.01595EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2022/05/09 6:15 p.m.•40 views

Design/Logic Flaw

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including KernelFloat and Stringtof...

4.3CVSS8.5AI score0.04127EPSS
Exploits0References14Affected Software3
Total number of security vulnerabilities5000