Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2023/08/21 11:15 a.m.•82 views

Cross site scripting

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting XSS bug. We recommend upgrading to version 0.0.20 of the extension...

5.8CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/08/17 7:15 p.m.•82 views

Sql injection

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PGSleep, DBMSLock.Sleep, Waitfor, DECODE, and DBMSPIPE.RECEIVEMESSAGE functions...

1.7CVSS5.7AI score0.00277EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/06/25 6:15 p.m.•82 views

Code injection

DISPUTED The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was...

5CVSS7.4AI score0.01584EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2023/05/30 5:15 a.m.•82 views

Command injection

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...

5CVSS7.6AI score0.00635EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/01/26 9:15 p.m.•82 views

Integer overflow

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

5CVSS7.4AI score0.5017EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/12 3:15 p.m.•82 views

Authorization

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism...

5CVSS5.3AI score0.00821EPSS
Exploits2References1Affected Software1
Prion
Prion
•added 2022/09/21 11:15 a.m.•82 views

Design/Logic Flaw

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

5CVSS6.3AI score0.01429EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2017/07/20 12:29 a.m.•82 views

Integer overflow

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

6.8CVSS8.7AI score0.21894EPSS
Exploits2References7Affected Software1
Prion
Prion
•added 2016/09/20 6:59 p.m.•82 views

Design/Logic Flaw

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...

10CVSS7.4AI score0.6773EPSS
Exploits16References27Affected Software12
Prion
Prion
•added 2024/01/04 3:15 p.m.•81 views

Remote code execution

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...

6.8CVSS8.1AI score0.00845EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/11/09 5:15 a.m.•81 views

Command injection

Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must have access to the system...

4.6CVSS8AI score0.02233EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/10/25 6:17 p.m.•81 views

Design/Logic Flaw

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

5CVSS7.2AI score0.03332EPSS
Exploits0References8Affected Software2
Prion
Prion
•added 2022/08/11 3:15 p.m.•81 views

Input validation

Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version =4.0 may allow an unauthenticated network attacker to execute code...

7.5CVSS9.5AI score0.00648EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/04/13 4:15 p.m.•81 views

Input validation

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

8CVSS9.4AI score0.07017EPSS
Exploits1References29Affected Software2
Prion
Prion
•added 2021/12/14 7:15 p.m.•81 views

Default configuration

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

5.1CVSS9.5AI score0.99999EPSS
Exploits350References21Affected Software31
Prion
Prion
•added 2021/11/17 8:15 p.m.•81 views

Improper access control

The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control...

7.5CVSS9.3AI score0.0167EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/10/07 4:15 p.m.•81 views

Path traversal

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

7.5CVSS8.1AI score0.99992EPSS
Exploits173References30Affected Software5
Prion
Prion
•added 2017/01/05 2:59 a.m.•81 views

Design/Logic Flaw

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

6.9CVSS6.9AI score0.0424EPSS
Exploits2References13Affected Software1
Prion
Prion
•added 2014/01/29 4:2 p.m.•81 views

Design/Logic Flaw

The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecified other impact via vectors tha...

7.5CVSS7.5AI score0.04587EPSS
Exploits1References11Affected Software1
Prion
Prion
•added 2008/12/31 11:30 a.m.•81 views

Sql injection

SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828...

7.5CVSS8.8AI score0.01087EPSS
Exploits2References5Affected Software1
Prion
Prion
•added 2006/03/24 11:2 a.m.•81 views

Remote file inclusion

PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when registerglobals is disabled, allows remote attackers to include arbitrary files via the systempath parameter...

7.5CVSS7.4AI score0.01942EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2023/06/17 11:15 p.m.•80 views

Remote code execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3...

7.5CVSS9.8AI score0.86685EPSS
Exploits7References1Affected Software4
Prion
Prion
•added 2023/01/18 12:15 a.m.•80 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.7CVSS5.6AI score0.00817EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/27 10:15 p.m.•80 views

Authentication flaw

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

7.5CVSS9.6AI score0.01116EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2019/08/13 9:15 p.m.•80 views

Code injection

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

7.8CVSS7.4AI score0.58373EPSS
Exploits0References47Affected Software18
Prion
Prion
•added 2023/09/20 2:15 p.m.•79 views

Privilege escalation

An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files...

4.3CVSS7.7AI score0.00222EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2023/06/16 4:15 p.m.•79 views

Authentication flaw

xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioreadsheetlistclose function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted XLSX file...

4.4CVSS7.4AI score0.00353EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/09/09 2:15 p.m.•79 views

Design/Logic Flaw

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

5CVSS7.4AI score0.03213EPSS
Exploits0References27Affected Software4
Prion
Prion
•added 2022/03/23 1:15 p.m.•79 views

Code injection

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...

4CVSS6.6AI score0.0325EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2016/11/29 5:59 p.m.•79 views

Code injection

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access...

7.2CVSS6.9AI score0.04863EPSS
Exploits6References15Affected Software2
Prion
Prion
•added 2016/03/22 10:59 a.m.•79 views

Crlf injection

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the 1 doauthenticated1 and 2 sessionx11req functions...

5.5CVSS7.1AI score0.37016EPSS
Exploits13References25Affected Software2
Prion
Prion
•added 2012/03/19 7:55 p.m.•79 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 captchaField, 2 email, 3 formname, 4 password, 5 realname, 6 repeatPassword, or 7 username parameters to Oxwall/join; 8 captcha, 9 email, 10...

4.3CVSS6.1AI score0.01371EPSS
Exploits3References7Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•78 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS4.5AI score0.00871EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/01 4:15 p.m.•78 views

Unrestricted file upload

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...

7.5CVSS9.6AI score0.01061EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/08/20 1:15 a.m.•78 views

Input validation

Improper Input Validation in GitHub repository hamza417/inure prior to build88...

3.6CVSS5.5AI score0.00381EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/10/18 9:15 p.m.•78 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4CVSS3.5AI score0.00653EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/10/05 9:15 a.m.•78 views

Path traversal

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

4.3CVSS7.9AI score0.99992EPSS
Exploits173References29Affected Software3
Prion
Prion
•added 2021/06/21 8:15 p.m.•79 views

Design/Logic Flaw

An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service ReDOS through stripping crafted HTML tags...

5CVSS7.4AI score0.02455EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2019/01/31 4:29 p.m.•78 views

Buffer overflow

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation...

4.6CVSS7.7AI score0.01025EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2017/09/25 9:29 p.m.•78 views

Design/Logic Flaw

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration...

6.8CVSS7.1AI score0.00866EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2008/10/03 3:7 p.m.•78 views

Design/Logic Flaw

The IPv6 Neighbor Discovery Protocol NDP implementation in 1 FreeBSD 6.3 through 7.1, 2 OpenBSD 4.2 and 4.3, 3 NetBSD, 4 Force10 FTOS before E7.7.1.1, 5 Juniper JUNOS, and 6 Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attacke...

9.3CVSS6.6AI score0.07425EPSS
Exploits0References24Affected Software3
Prion
Prion
•added 2008/09/18 3:4 p.m.•78 views

Code injection

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...

5CVSS6.4AI score0.44963EPSS
Exploits7References9Affected Software1
Prion
Prion
•added 2006/05/02 10:2 a.m.•78 views

Remote file inclusion

PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classesdir parameter...

6.4CVSS8AI score0.07921EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2024/03/14 10:53 p.m.•77 views

Design/Logic Flaw

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.1AI score0.0077EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•77 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.3CVSS4.5AI score0.0094EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•77 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS6.1AI score0.00911EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/08/22 7:16 p.m.•77 views

Design/Logic Flaw

A use-after-free exists in Python through 3.9 via heappushpop in heapq...

5CVSS7.4AI score0.0177EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2023/08/20 1:15 a.m.•77 views

Authorization

Missing Authorization in GitHub repository hamza417/inure prior to build88...

3.6CVSS6.2AI score0.00314EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/11/24 7:15 p.m.•77 views

Path traversal

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the front/send.php file...

5CVSS7.4AI score0.52658EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2021/01/19 6:15 a.m.•77 views

Buffer overflow

Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.fromparam. This occurs because sprintf is...

7.5CVSS9.9AI score0.23293EPSS
Exploits1References28Affected Software8
Total number of security vulnerabilities5000