Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2008/07/17 1:41 p.m.40 views

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933...

7.5CVSS7.5AI score0.02962EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2008/05/18 2:20 p.m.40 views

Authentication flaw

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorizedkeys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool...

5CVSS5.6AI score0.70721EPSS
Exploits7References2Affected Software1
Prion
Prion
added 2007/09/04 10:17 p.m.40 views

Design/Logic Flaw

Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch CSS series 11000 devices allows remote attackers to cause a denial of service connection slot exhaustion and device crash via a series of large packets designed to exploit the...

5CVSS7AI score0.32416EPSS
Exploits1References4Affected Software3
Prion
Prion
added 2007/08/31 12:17 a.m.40 views

Remote file inclusion

PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War VWar 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747...

7.5CVSS7.6AI score0.03893EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2007/01/09 11:28 a.m.40 views

Code injection

Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to 1...

7.5CVSS6.9AI score0.02131EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2024/03/14 10:53 p.m.39 views

Authentication flaw

Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODEROIDCEMAILDOMAIN verification and create an account with an email not in the...

7.3AI score0.00965EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2024/03/12 3:15 p.m.39 views

Cross site scripting

A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via...

7.5CVSS9.7AI score0.03279EPSS
Exploits0References1
Prion
Prion
added 2024/03/12 1:15 a.m.39 views

Cross site scripting

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

4.9CVSS5.4AI score0.00474EPSS
Exploits0References2
Prion
Prion
added 2024/03/11 6:15 p.m.39 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

7.2AI score0.00173EPSS
Exploits0References6
Prion
Prion
added 2024/03/05 11:15 p.m.39 views

Design/Logic Flaw

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

6.6AI score0.00795EPSS
Exploits0References4
Prion
Prion
added 2024/02/29 1:44 a.m.39 views

Open redirect

Inadequate parsing of URLs could result into an open redirect...

7.2AI score0.00537EPSS
Exploits0References1
Prion
Prion
added 2024/02/28 9:15 a.m.39 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dmamapsingle fails The spi controller supports 44-bit address space on AXI in DMA mode, so set dmaaddrt width to 44-bit to avoid using a swiotlb mapping. In addition, if dmamapsingle fails...

6.7AI score0.00239EPSS
Exploits0References4
Prion
Prion
added 2024/02/26 4:27 p.m.39 views

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

5CVSS6.9AI score0.01433EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.39 views

Design/Logic Flaw

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

2.3CVSS7.1AI score0.00517EPSS
Exploits1References3
Prion
Prion
added 2024/02/23 12:15 p.m.39 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2...

3.6CVSS5.5AI score0.00303EPSS
Exploits0References1
Prion
Prion
added 2024/02/13 6:15 p.m.39 views

Remote code execution

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

6.8CVSS8.2AI score0.01549EPSS
Exploits0References1Affected Software14
Prion
Prion
added 2024/02/09 6:15 p.m.39 views

Design/Logic Flaw

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

5CVSS7.5AI score0.0305EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/02/08 5:15 p.m.39 views

Design/Logic Flaw

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

7.5CVSS9.3AI score0.01613EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2024/02/08 1:15 p.m.39 views

Command injection

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

6CVSS8.6AI score0.01465EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/02/07 9:15 p.m.39 views

Null pointer dereference

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

5CVSS6.8AI score0.01448EPSS
Exploits0References8Affected Software15
Prion
Prion
added 2024/02/06 6:15 a.m.39 views

Memory corruption

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...

3.5CVSS7.6AI score0.00082EPSS
Exploits0References1
Prion
Prion
added 2024/01/19 9:15 p.m.39 views

Design/Logic Flaw

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

5CVSS7AI score0.00912EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/12/12 6:15 p.m.39 views

Remote code execution

Windows MSHTML Platform Remote Code Execution Vulnerability...

5.1CVSS7.7AI score0.92817EPSS
Exploits0References1Affected Software11
Prion
Prion
added 2023/11/28 4:15 p.m.39 views

Input validation

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

5CVSS6.8AI score0.02651EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/10/27 11:15 p.m.39 views

Buffer overflow

Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file...

4.4CVSS7.7AI score0.00204EPSS
Exploits0References1
Prion
Prion
added 2023/09/25 8:15 p.m.39 views

Input validation

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service DoS attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverab...

5CVSS7.3AI score0.0104EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/08/23 5:15 p.m.39 views

Design/Logic Flaw

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...

4.4CVSS7.9AI score0.97798EPSS
Exploits49References5Affected Software1
Prion
Prion
added 2023/08/21 2:15 a.m.39 views

Design/Logic Flaw

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit h...

6.5CVSS9.6AI score0.00542EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/08/09 12:15 p.m.39 views

Command injection

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

5.8CVSS7AI score0.12342EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2023/08/08 6:15 p.m.39 views

Spoofing

Microsoft Outlook Spoofing Vulnerability...

4.3CVSS6.5AI score0.01969EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2023/07/21 5:15 a.m.39 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in yproject RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...

4CVSS5.9AI score0.00513EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/07/19 3:15 p.m.39 views

Security feature bypass

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

7.5CVSS9.2AI score0.03465EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/07/18 9:15 p.m.39 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.01199EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2023/07/13 3:15 a.m.39 views

Authentication flaw

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

7.5CVSS9.6AI score0.00895EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/06/29 3:15 p.m.39 views

Command injection

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1...

7.5CVSS9.6AI score0.02839EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/06/28 2:15 a.m.39 views

Design/Logic Flaw

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...

4.3CVSS5.2AI score0.00547EPSS
Exploits0References1
Prion
Prion
added 2023/06/23 6:15 p.m.39 views

Type confusion

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this...

6.8CVSS8.6AI score0.23788EPSS
Exploits0References7Affected Software4
Prion
Prion
added 2023/06/07 8:15 p.m.39 views

Remote code execution

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

7.5CVSS10AI score0.01731EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/05/30 4:15 a.m.39 views

Input validation

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...

7.5CVSS9.6AI score0.01116EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/25 9:15 p.m.39 views

Design/Logic Flaw

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...

4.3CVSS7.5AI score0.00369EPSS
Exploits0References13Affected Software2
Prion
Prion
added 2023/04/17 10:15 p.m.39 views

Code injection

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

7.5CVSS8.7AI score0.72087EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2023/04/12 9:15 p.m.39 views

Design/Logic Flaw

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file...

5CVSS7.3AI score0.0462EPSS
Exploits1References9Affected Software3
Prion
Prion
added 2023/04/04 12:15 p.m.39 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin = 6.0.2.0 versions...

6.8CVSS8.7AI score0.00248EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/28 7:15 p.m.39 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

7.5CVSS9.2AI score0.03848EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2023/03/28 7:15 p.m.39 views

Stack overflow

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length o...

7.5CVSS9.6AI score0.04446EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2023/03/22 9:15 p.m.39 views

Code injection

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...

6.5CVSS8.5AI score0.06736EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2023/03/22 9:15 p.m.39 views

Design/Logic Flaw

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

4.3CVSS7.4AI score0.0788EPSS
Exploits14References5Affected Software1
Prion
Prion
added 2023/03/06 9:15 p.m.40 views

Design/Logic Flaw

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file...

5.8CVSS6.7AI score0.00649EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2023/03/01 4:15 p.m.39 views

Design/Logic Flaw

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

1.7CVSS5.5AI score0.59706EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/16 10:15 p.m.39 views

Heap overflow

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

7.5CVSS9.7AI score0.17563EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000