Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2014/07/20 11:12 a.m.39 views

Race condition

Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...

6.8CVSS8.2AI score0.85744EPSS
Exploits4References53Affected Software5
Prion
Prion
added 2014/04/08 11:55 p.m.39 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0325, CVE-2014-3538. Reason: This candidate is a duplicate of CVE-2014-0325 and/or CVE-2014-3538. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-0325 instead of this candidate for the...

6.5AI score0.16114EPSS
Exploits2
Prion
Prion
added 2013/12/07 12:55 a.m.39 views

Code injection

actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...

5CVSS6.8AI score0.207EPSS
Exploits2References13Affected Software2
Prion
Prion
added 2013/10/11 10:55 p.m.39 views

Buffer overflow

Buffer overflow in the mp4a packetizer modules/packetizer/mpeg4audio.c in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

6.8CVSS8.5AI score0.03782EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2013/09/16 1:1 p.m.39 views

Design/Logic Flaw

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

10CVSS7.8AI score0.81832EPSS
Exploits38References7Affected Software2
Prion
Prion
added 2013/07/10 10:55 a.m.39 views

Design/Logic Flaw

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline, which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation...

6.8CVSS6.5AI score0.01145EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2013/06/18 10:55 p.m.39 views

Design/Logic Flaw

Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous...

4.3CVSS6.1AI score0.66817EPSS
Exploits1References38Affected Software3
Prion
Prion
added 2013/04/09 8:55 p.m.39 views

Design/Logic Flaw

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS7.6AI score0.99449EPSS
Exploits21References2Affected Software1
Prion
Prion
added 2012/08/10 10:34 a.m.39 views

Cross site scripting

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...

4.3CVSS6AI score0.01306EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2012/06/16 9:55 p.m.39 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

10CVSS7.9AI score0.93688EPSS
Exploits9References10Affected Software2
Prion
Prion
added 2011/05/23 10:55 p.m.39 views

Command injection

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

6.8CVSS6.8AI score0.16334EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2011/03/16 10:55 p.m.39 views

Command injection

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8CVSS6.7AI score0.16334EPSS
Exploits1References24Affected Software1
Prion
Prion
added 2011/02/02 1:0 a.m.39 views

Heap overflow

Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...

6.8CVSS8.6AI score0.11335EPSS
Exploits1References11Affected Software1
Prion
Prion
added 2010/02/12 7:30 p.m.39 views

Design/Logic Flaw

The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing SMP, does not use the Current Privilege Level CPL and I/O Privilege Level IOPL to restrict instruction execution, which allows guest OS users to cause a denial of service guest OS crash or gain privileges on the...

4.1CVSS6.9AI score0.02416EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2009/11/25 6:30 p.m.39 views

Cross site scripting

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting XSS attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an...

4.3CVSS5.2AI score0.14842EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2009/11/13 3:30 p.m.39 views

Design/Logic Flaw

The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service infinite loop and system hang via a 1 SMBv1 or 2 SMBv2 response packet that contains a an incorrect length value in a NetBIOS heade...

7.1CVSS6.8AI score0.34336EPSS
Exploits1References13Affected Software1
Prion
Prion
added 2009/10/01 3:30 p.m.39 views

Design/Logic Flaw

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...

6.9CVSS6.5AI score0.00318EPSS
Exploits0References11Affected Software1
Prion
Prion
added 2009/07/09 4:30 p.m.39 views

Sql injection

SQL injection vulnerability in the K2 comk2 component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php...

7.5CVSS8.9AI score0.03029EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2009/03/04 11:30 a.m.39 views

Path traversal

The aspathprepend function in rdeattr.c in bgpd in OpenBSD 4.3 and 4.4 allows remote attackers to cause a denial of service application crash via an Autonomous System AS advertisement containing a long AS path...

5CVSS7.1AI score0.0156EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2009/01/07 5:30 p.m.39 views

Input validation

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSAverify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

6.8CVSS6.5AI score0.0686EPSS
Exploits1References33Affected Software1
Prion
Prion
added 2008/01/25 1:0 a.m.39 views

Code injection

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

5CVSS6.3AI score0.05575EPSS
Exploits2References28Affected Software1
Prion
Prion
added 2007/12/10 9:46 p.m.39 views

Code injection

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER...

3.5CVSS6.8AI score0.02226EPSS
Exploits2References25Affected Software1
Prion
Prion
added 2007/08/18 9:17 p.m.39 views

Directory traversal

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. dot dot in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...

2.1CVSS6.4AI score0.00478EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2006/06/02 7:2 p.m.39 views

Design/Logic Flaw

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...

4.3CVSS6.4AI score0.02234EPSS
Exploits0References39Affected Software2
Prion
Prion
added 2006/05/19 10:2 p.m.39 views

Race condition

Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...

4.7CVSS6.3AI score0.00296EPSS
Exploits0References22Affected Software1
Prion
Prion
added 2006/01/31 6:3 p.m.39 views

Heap overflow

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service crash when the pngdostripfiller function is used to strip alpha channels out of the image...

5CVSS7AI score0.03008EPSS
Exploits0References13Affected Software1
Prion
Prion
added 2024/12/31 1:15 p.m.38 views

CVE-2024-56042

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3...

0.00688EPSS
Exploits0References1
Prion
Prion
added 2024/03/14 10:54 p.m.38 views

CVE-2024-28251

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

5.1CVSS7.3AI score0.00239EPSS
Exploits0
Prion
Prion
added 2024/03/12 7:15 p.m.38 views

Authentication flaw

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

6.4CVSS7.1AI score0.01765EPSS
Exploits0References2
Prion
Prion
added 2024/03/06 8:15 p.m.38 views

Code injection

Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...

3.6CVSS6.6AI score0.0045EPSS
Exploits0References2
Prion
Prion
added 2024/03/06 7:15 p.m.38 views

Design/Logic Flaw

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

9.5AI score0.01251EPSS
Exploits1References2
Prion
Prion
added 2024/03/06 5:15 p.m.38 views

Design/Logic Flaw

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.6AI score0.00556EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 11:15 p.m.38 views

Design/Logic Flaw

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

6.6AI score0.00795EPSS
Exploits0References4
Prion
Prion
added 2024/02/29 1:44 a.m.38 views

Open redirect

Inadequate parsing of URLs could result into an open redirect...

7.2AI score0.00537EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:43 a.m.38 views

Information disclosure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

5CVSS7.3AI score0.00461EPSS
Exploits0References2
Prion
Prion
added 2024/02/29 1:43 a.m.38 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ OpenText Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6...

3.3CVSS7.6AI score0.0019EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:40 a.m.38 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530...

2.1CVSS5.7AI score0.00335EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:28 p.m.38 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

7AI score0.00208EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.38 views

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

5CVSS6.9AI score0.01433EPSS
Exploits0References2
Prion
Prion
added 2024/02/13 4:15 a.m.38 views

Xxe

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

7.5CVSS7AI score0.94721EPSS
Exploits1References1Affected Software3
Prion
Prion
added 2024/02/08 1:15 p.m.38 views

Command injection

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

6CVSS8.6AI score0.01465EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/02/05 6:15 a.m.38 views

Input validation

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...

5CVSS7.3AI score0.01205EPSS
Exploits0References1
Prion
Prion
added 2024/01/29 1:15 p.m.38 views

Design/Logic Flaw

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

5CVSS7.1AI score0.01149EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/16 4:15 p.m.38 views

Sql injection

The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

7.5CVSS7.9AI score0.0084EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2024/01/12 5:15 p.m.38 views

Command injection

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...

5.8CVSS8AI score0.99999EPSS
Exploits23References2Affected Software2
Prion
Prion
added 2024/01/09 6:15 p.m.38 views

Privilege escalation

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

4.3CVSS7AI score0.11509EPSS
Exploits0References1Affected Software8
Prion
Prion
added 2024/01/09 6:15 p.m.38 views

Spoofing

Microsoft Bluetooth Driver Spoofing Vulnerability...

2.9CVSS6.9AI score0.0583EPSS
Exploits3References1Affected Software7
Prion
Prion
added 2024/01/05 5:15 p.m.38 views

Design/Logic Flaw

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

1.7CVSS5.5AI score0.02501EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/14 5:15 a.m.38 views

Design/Logic Flaw

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

6.5CVSS7.1AI score0.0104EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/12/07 10:15 p.m.38 views

Deserialization of untrusted data

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqosexpressdevices/smartqosnormaldevices leads to deserialization. It is possible to...

9CVSS7AI score0.02347EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000