Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2020/05/07 9:15 p.m.•37 views

Open redirect

In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...

5.8CVSS6.2AI score0.0079EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/04/15 2:15 p.m.•37 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5CVSS5.5AI score0.03014EPSS
Exploits0References11Affected Software6
Prion
Prion
•added 2020/03/12 4:15 p.m.•37 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

7.2CVSS7.7AI score0.42524EPSS
Exploits7References2Affected Software5
Prion
Prion
•added 2020/01/28 9:15 p.m.•37 views

Code injection

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code...

6.8CVSS7.3AI score0.07543EPSS
Exploits5References3Affected Software1
Prion
Prion
•added 2020/01/14 5:15 p.m.•37 views

Out-of-bounds

The compilebranch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service out-of-bounds heap read and crash, or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...

6.8CVSS7.4AI score0.01575EPSS
Exploits1References4Affected Software4
Prion
Prion
•added 2019/11/18 5:15 p.m.•37 views

Xxe

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes...

5CVSS8.6AI score0.17044EPSS
Exploits0References37Affected Software5
Prion
Prion
•added 2019/11/18 6:15 a.m.•37 views

Memory corruption

A memory leak in the cx23888irprobe function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering kfifoalloc failures, aka CID-a7b2df76b42b...

4.7CVSS4.7AI score0.00446EPSS
Exploits0References8Affected Software6
Prion
Prion
•added 2019/10/16 6:15 p.m.•37 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL...

2.1CVSS5.7AI score0.00681EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2019/08/25 4:15 p.m.•37 views

Design/Logic Flaw

An issue was discovered in xfssetattrnonsize in fs/xfs/xfsiops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfssetattrnonsize is failing to unlock the ILOCK after the xfsqmvopchownreserve call fails. This is primarily a local...

7.8CVSS7AI score0.03916EPSS
Exploits0References14Affected Software5
Prion
Prion
•added 2019/08/23 6:15 a.m.•37 views

Cross site request forgery (csrf)

In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...

3.5CVSS6.3AI score0.00662EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2019/07/31 1:15 p.m.•37 views

Design/Logic Flaw

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system...

2.1CVSS5.4AI score0.00471EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2019/05/09 2:29 p.m.•37 views

Code injection

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/sslsock.h error...

4.3CVSS5.6AI score0.0125EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2019/04/23 7:32 p.m.•37 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip...

4CVSS4.8AI score0.0301EPSS
Exploits0References12Affected Software10
Prion
Prion
•added 2019/04/23 7:32 p.m.•37 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4CVSS4.8AI score0.02078EPSS
Exploits0References4Affected Software6
Prion
Prion
•added 2019/04/20 12:29 a.m.•37 views

Design/Logic Flaw

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

4.3CVSS7.4AI score0.87218EPSS
Exploits4References73Affected Software104
Prion
Prion
•added 2019/04/08 9:29 p.m.•37 views

Race condition

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...

6CVSS7.3AI score0.17666EPSS
Exploits0References39Affected Software10
Prion
Prion
•added 2019/04/01 9:30 p.m.•37 views

Design/Logic Flaw

DISPUTED In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pgexecuteserverprogram' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run...

9CVSS7.3AI score0.91877EPSS
Exploits17References8Affected Software1
Prion
Prion
•added 2019/03/26 5:29 p.m.•37 views

Sql injection

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter...

6.8CVSS8.3AI score0.55958EPSS
Exploits38References4Affected Software1
Prion
Prion
•added 2019/03/26 1:29 a.m.•38 views

Format string

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the user controlled shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses...

5CVSS7.5AI score0.01499EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2019/02/06 8:29 p.m.•37 views

Stack overflow

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header lib/vauth/ntlm.c:Curlauthcreatentlmtype3message, generates the request HTTP header contents based on previously received data. The check that exists ...

7.5CVSS7.1AI score0.12771EPSS
Exploits1References15Affected Software12
Prion
Prion
•added 2019/01/30 10:29 p.m.•37 views

Design/Logic Flaw

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

5CVSS7.1AI score0.59942EPSS
Exploits0References20Affected Software5
Prion
Prion
•added 2019/01/16 7:30 p.m.•37 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MyS...

1.2CVSS4.8AI score0.00416EPSS
Exploits0References5Affected Software7
Prion
Prion
•added 2018/12/12 5:29 p.m.•37 views

Stack overflow

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...

5CVSS7.3AI score0.06593EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2018/10/29 1:29 p.m.•37 views

Code injection

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...

4.3CVSS5.5AI score0.04763EPSS
Exploits0References15Affected Software15
Prion
Prion
•added 2018/10/17 1:31 a.m.•37 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.4AI score0.01423EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2018/10/10 1:29 p.m.•37 views

Security feature bypass

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512...

4.3CVSS4.9AI score0.05498EPSS
Exploits0References3
Prion
Prion
•added 2018/10/10 1:29 p.m.•37 views

Remote code execution

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...

7.7CVSS8.4AI score0.04126EPSS
Exploits0References3Affected Software5
Prion
Prion
•added 2018/10/04 1:29 p.m.•37 views

Design/Logic Flaw

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

4.3CVSS4.6AI score0.94494EPSS
Exploits3References39Affected Software14
Prion
Prion
•added 2018/07/13 2:29 p.m.•37 views

Design/Logic Flaw

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...

4.3CVSS6.3AI score0.04009EPSS
Exploits1References17Affected Software1
Prion
Prion
•added 2018/06/11 9:29 p.m.•37 views

Integer overflow

An integer overflow in "createImageBitmap" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. Thi...

7.5CVSS8.8AI score0.02802EPSS
Exploits1References5Affected Software8
Prion
Prion
•added 2018/05/18 5:29 p.m.•37 views

Stack overflow

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...

5CVSS7.7AI score0.0346EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2018/05/02 6:29 p.m.•37 views

Design/Logic Flaw

The dogetmempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via crafted system calls...

7.2CVSS7.5AI score0.00434EPSS
Exploits0References18Affected Software9
Prion
Prion
•added 2018/04/29 9:29 p.m.•37 views

Information disclosure

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

1.9CVSS6AI score0.00831EPSS
Exploits0References13Affected Software3
Prion
Prion
•added 2018/03/06 8:29 p.m.•37 views

Null pointer dereference

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...

6.5CVSS4.8AI score0.026EPSS
Exploits0References10Affected Software6
Prion
Prion
•added 2018/02/01 4:29 a.m.•37 views

Memory corruption

A memory leak in glibc 2.1.1 released on May 24, 1999 can be reached and amplified through the LDHWCAPMASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...

7.2CVSS7AI score0.02733EPSS
Exploits15References6Affected Software1
Prion
Prion
•added 2018/01/22 4:29 a.m.•37 views

Remote code execution

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

6.8CVSS9.5AI score0.49727EPSS
Exploits7References12Affected Software7
Prion
Prion
•added 2017/11/29 6:29 p.m.•37 views

Out-of-bounds

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...

7.5CVSS9.5AI score0.11175EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2017/10/05 7:29 a.m.•37 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device, aka HREF XSS. The...

4.3CVSS6AI score0.0122EPSS
Exploits0References3
Prion
Prion
•added 2017/07/10 2:29 p.m.•37 views

Out-of-bounds

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...

5CVSS7.4AI score0.04812EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2017/05/23 4:29 a.m.•37 views

Null pointer dereference

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...

6.8CVSS7.3AI score0.04793EPSS
Exploits0References30Affected Software19
Prion
Prion
•added 2017/04/24 7:59 p.m.•37 views

Design/Logic Flaw

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks...

4.4CVSS6.5AI score0.00415EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2017/04/12 2:59 p.m.•37 views

Denial of service

A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denia...

5.2CVSS5.4AI score0.05673EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2017/03/27 3:59 p.m.•37 views

Design/Logic Flaw

The xhcikickepctx function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service infinite loop and QEMU process crash via vectors related to control transfer descriptor sequence...

2.1CVSS6.1AI score0.00456EPSS
Exploits0References9Affected Software4
Prion
Prion
•added 2017/03/17 12:59 a.m.•37 views

Remote code execution

Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in...

7.9CVSS8.7AI score0.03902EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2017/03/12 6:59 a.m.•37 views

Command injection

The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / slash character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command...

2.1CVSS6.6AI score0.00635EPSS
Exploits2References10Affected Software1
Prion
Prion
•added 2017/03/02 1:59 a.m.•37 views

Input validation

The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service...

4.3CVSS6.7AI score0.04006EPSS
Exploits0References9Affected Software1
Prion
Prion
•added 2017/01/18 10:59 p.m.•37 views

Design/Logic Flaw

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996...

5CVSS7.1AI score0.02095EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2016/11/10 9:59 p.m.•37 views

Race condition

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...

7.2CVSS6.9AI score0.83524EPSS
Exploits81References126Affected Software8
Prion
Prion
•added 2016/11/10 6:59 a.m.•37 views

Privilege escalation

The Common Log File System CLFS driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted...

9.3CVSS7.4AI score0.12625EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2016/08/07 10:59 a.m.•37 views

Integer overflow

Integer overflow in the phpescapehtmlentitiesex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTERSANITIZEFULLSPECIALCHARS...

7.5CVSS9.2AI score0.0464EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities5000