Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2008/04/09 9:5 p.m.39 views

Code injection

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly...

9.3CVSS7.7AI score0.5977EPSS
Exploits3References22Affected Software4
Prion
Prion
added 2008/01/25 1:0 a.m.39 views

Code injection

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

5CVSS6.3AI score0.05575EPSS
Exploits2References28Affected Software1
Prion
Prion
added 2007/12/10 9:46 p.m.39 views

Code injection

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER...

3.5CVSS6.8AI score0.02226EPSS
Exploits2References25Affected Software1
Prion
Prion
added 2007/08/18 9:17 p.m.39 views

Directory traversal

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. dot dot in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...

2.1CVSS6.4AI score0.00478EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2006/06/02 7:2 p.m.39 views

Design/Logic Flaw

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...

4.3CVSS6.4AI score0.02234EPSS
Exploits0References39Affected Software2
Prion
Prion
added 2006/05/19 10:2 p.m.39 views

Race condition

Race condition in the doaddcounters function in netfilter for Linux kernel 2.6.16 allows local users with CAPNETADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-re...

4.7CVSS6.3AI score0.00296EPSS
Exploits0References22Affected Software1
Prion
Prion
added 2006/01/31 6:3 p.m.39 views

Heap overflow

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service crash when the pngdostripfiller function is used to strip alpha channels out of the image...

5CVSS7AI score0.03008EPSS
Exploits0References13Affected Software1
Prion
Prion
added 2024/12/31 1:15 p.m.38 views

CVE-2024-56042

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3...

0.00688EPSS
Exploits0References1
Prion
Prion
added 2024/03/14 10:54 p.m.38 views

CVE-2024-28251

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

5.1CVSS7.3AI score0.00239EPSS
Exploits0
Prion
Prion
added 2024/03/12 7:15 p.m.38 views

Authentication flaw

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

6.4CVSS7.1AI score0.01765EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 5:15 p.m.38 views

Privilege escalation

Windows Error Reporting Service Elevation of Privilege Vulnerability...

4.3CVSS8.5AI score0.04014EPSS
Exploits0References1
Prion
Prion
added 2024/03/06 8:15 p.m.38 views

Code injection

Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...

3.6CVSS6.6AI score0.0045EPSS
Exploits0References2
Prion
Prion
added 2024/03/06 7:15 p.m.38 views

Design/Logic Flaw

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

9.5AI score0.01251EPSS
Exploits1References2
Prion
Prion
added 2024/03/06 5:15 p.m.38 views

Design/Logic Flaw

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.6AI score0.00556EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:43 a.m.38 views

Information disclosure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

5CVSS7.3AI score0.00461EPSS
Exploits0References2
Prion
Prion
added 2024/02/29 1:43 a.m.38 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ OpenText Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6...

3.3CVSS7.6AI score0.0019EPSS
Exploits0References1
Prion
Prion
added 2024/02/29 1:40 a.m.38 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530...

2.1CVSS5.7AI score0.00335EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:28 p.m.38 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

7AI score0.00208EPSS
Exploits0References2
Prion
Prion
added 2024/02/13 4:15 a.m.38 views

Xxe

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

7.5CVSS7AI score0.94721EPSS
Exploits1References1Affected Software3
Prion
Prion
added 2024/02/05 6:15 a.m.38 views

Input validation

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...

5CVSS7.3AI score0.01205EPSS
Exploits0References1
Prion
Prion
added 2024/01/29 1:15 p.m.38 views

Design/Logic Flaw

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

5CVSS7.1AI score0.01149EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/16 4:15 p.m.38 views

Sql injection

The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

7.5CVSS7.9AI score0.0084EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2024/01/12 5:15 p.m.38 views

Command injection

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...

5.8CVSS8AI score0.99999EPSS
Exploits23References2Affected Software2
Prion
Prion
added 2024/01/09 6:15 p.m.38 views

Privilege escalation

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

4.3CVSS7AI score0.11509EPSS
Exploits0References1Affected Software8
Prion
Prion
added 2024/01/09 6:15 p.m.38 views

Spoofing

Microsoft Bluetooth Driver Spoofing Vulnerability...

2.9CVSS6.9AI score0.0583EPSS
Exploits3References1Affected Software7
Prion
Prion
added 2024/01/05 5:15 p.m.38 views

Design/Logic Flaw

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...

1.7CVSS5.5AI score0.02501EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/14 5:15 a.m.38 views

Design/Logic Flaw

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

6.5CVSS7.1AI score0.0104EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/12/07 10:15 p.m.38 views

Deserialization of untrusted data

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqosexpressdevices/smartqosnormaldevices leads to deserialization. It is possible to...

9CVSS7AI score0.02347EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/12/04 11:15 p.m.38 views

Design/Logic Flaw

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...

5CVSS6.9AI score0.04777EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/11/14 9:15 p.m.38 views

Authentication flaw

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

7.5CVSS7.9AI score0.01345EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2023/11/14 7:15 p.m.38 views

Race condition

A race condition in System Management Mode SMM code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation...

5.1CVSS7.3AI score0.18404EPSS
Exploits9References1Affected Software71
Prion
Prion
added 2023/11/14 6:15 p.m.38 views

Security feature bypass

Microsoft Office Security Feature Bypass Vulnerability...

4.3CVSS7AI score0.2997EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/11/03 8:15 p.m.38 views

Design/Logic Flaw

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

5.8CVSS8.1AI score0.02464EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/11/02 3:15 p.m.38 views

Sql injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

7.5CVSS9.9AI score0.007EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/11/02 2:15 p.m.38 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.9AI score
Exploits0
Prion
Prion
added 2023/10/31 4:15 a.m.38 views

Deserialization of untrusted data

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution...

7.5CVSS9.6AI score0.32257EPSS
Exploits4References1Affected Software1
Prion
Prion
added 2023/10/30 7:15 p.m.38 views

Cross site request forgery (csrf)

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

7.5CVSS9.3AI score0.00347EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/10/27 4:15 a.m.38 views

Command injection

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...

7.5CVSS9.8AI score0.20477EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2023/10/27 3:15 a.m.38 views

Race condition

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory and th...

3.5CVSS6.5AI score0.00693EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/10/16 11:15 a.m.38 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in 10 Quality Post Gallery plugin = 2.3.12 versions...

6.8CVSS8.8AI score0.00214EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/12 5:15 p.m.39 views

Design/Logic Flaw

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

5CVSS7.4AI score0.01364EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2023/10/04 5:15 p.m.38 views

Information disclosure

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...

5.5CVSS7.6AI score0.01207EPSS
Exploits0References7Affected Software3
Prion
Prion
added 2023/09/27 3:19 p.m.38 views

Design/Logic Flaw

During process shutdown, it was possible that an ImageBitmap was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox 118...

7.5CVSS8.7AI score0.00835EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/09/15 9:15 p.m.38 views

Authentication flaw

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

4CVSS4.8AI score0.00753EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2023/09/12 2:15 a.m.38 views

Path traversal

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

5CVSS8.3AI score0.01481EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/09/08 3:15 a.m.38 views

Race condition

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

5CVSS6.7AI score0.98945EPSS
Exploits17References1Affected Software3
Prion
Prion
added 2023/09/05 10:15 p.m.38 views

Type confusion

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.8CVSS8.4AI score0.37987EPSS
Exploits2References10Affected Software3
Prion
Prion
added 2023/08/23 3:15 p.m.38 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Yoast Yoast SEO: Local plugin = 14.8 versions...

5.8CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/22 7:16 p.m.38 views

Design/Logic Flaw

An issue was discovered in Binutils addr2line before 2.39.3, function parsemodule contains multiple out of bound reads which may cause a denial of service or other unspecified impacts...

4.4CVSS7.4AI score0.00434EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/08/09 7:15 a.m.38 views

Hardcoded credentials

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

3.3CVSS5.1AI score0.00339EPSS
Exploits0References1Affected Software6
Total number of security vulnerabilities5000