Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2012/10/10 9:55 p.m.•77 views

Design/Logic Flaw

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service named daemon hang via unspecified combinations of resource records...

7.8CVSS7.1AI score0.34196EPSS
Exploits0References38Affected Software1
Prion
Prion
•added 2012/10/01 12:55 a.m.•77 views

Cross site scripting

Cross-site scripting XSS vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters...

4.3CVSS6.2AI score0.01642EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2006/04/13 10:2 a.m.•77 views

Authentication flaw

HP System Management Homepage SMH 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL...

7.5CVSS7.4AI score0.02921EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2023/09/04 6:15 p.m.•76 views

Server side request forgery (ssrf)

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery SSRF vulnerability in the engines/google/text.php and engines/duckduckgo/text.php files in versions before commit...

5CVSS7.7AI score0.00729EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/05/23 8:15 p.m.•76 views

Code injection

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

5CVSS7.4AI score0.00804EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/02/14 8:15 p.m.•76 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.5CVSS8.7AI score0.62104EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/11/14 7:15 a.m.•76 views

Design/Logic Flaw

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

3.3CVSS7.8AI score0.02197EPSS
Exploits3References1Affected Software1
Prion
Prion
•added 2021/11/02 7:15 p.m.•76 views

Authorization

An improper authorization vulnerability CWE-285 in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

7.2CVSS7.6AI score0.00347EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2017/05/11 1:29 a.m.•76 views

Integer overflow

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

7.5CVSS9.6AI score0.24027EPSS
Exploits6References3Affected Software1
Prion
Prion
•added 2015/01/13 3:59 p.m.•76 views

Cross site scripting

Cross-site scripting XSS vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/...

4.3CVSS6.2AI score0.01201EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2024/02/29 1:44 a.m.•75 views

Directory traversal

XenForo before 2.2.14 allows Directory Traversal with write access by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import...

7.2AI score0.0102EPSS
Exploits0References3
Prion
Prion
•added 2023/12/10 6:15 p.m.•75 views

Integer overflow

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

6.5CVSS8.4AI score0.04322EPSS
Exploits0References34Affected Software21
Prion
Prion
•added 2023/10/17 10:15 p.m.•75 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.5AI score0.00925EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/04/25 1:15 p.m.•75 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found...

5.8CVSS5.9AI score0.01524EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/05/27 12:15 p.m.•75 views

Design/Logic Flaw

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a...

5CVSS7.2AI score0.0745EPSS
Exploits1References9Affected Software3
Prion
Prion
•added 2018/07/03 1:29 a.m.•75 views

Design/Logic Flaw

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pamshells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

4.6CVSS5.1AI score0.00315EPSS
Exploits0References3Affected Software4
Prion
Prion
•added 2023/09/04 6:15 p.m.•74 views

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256addmod, uint256mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...

5CVSS5.3AI score0.00455EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/09/01 4:15 p.m.•74 views

Design/Logic Flaw

An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser...

7.5CVSS9.4AI score0.00566EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/08/25 9:15 p.m.•74 views

Design/Logic Flaw

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack...

4.3CVSS6.2AI score0.02771EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2023/04/19 12:15 a.m.•74 views

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document e.g., their own user profile can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki...

6.5CVSS9AI score0.01864EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/01/20 7:15 p.m.•74 views

Memory corruption

GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsrreadrarefull function...

4.4CVSS7.7AI score0.00377EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/01/01 9:15 a.m.•74 views

Cross site scripting

A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting...

5.8CVSS6.1AI score0.0053EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2022/04/27 5:15 p.m.•74 views

Design/Logic Flaw

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...

2.1CVSS4.2AI score0.00225EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2022/01/19 12:15 p.m.•74 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.8CVSS4.8AI score0.02031EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2019/08/13 9:15 p.m.•74 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU...

7.8CVSS7.4AI score0.82017EPSS
Exploits0References42Affected Software18
Prion
Prion
•added 2017/01/05 2:59 a.m.•74 views

Design/Logic Flaw

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

2.1CVSS6.3AI score0.01101EPSS
Exploits1References12Affected Software1
Prion
Prion
•added 2014/12/11 2:59 a.m.•74 views

Design/Logic Flaw

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory consumption and named crash via a large or infinite number of referrals...

7.8CVSS7AI score0.65683EPSS
Exploits0References27Affected Software1
Prion
Prion
•added 2008/07/21 4:41 p.m.•74 views

Unrestricted file upload

Unrestricted file upload vulnerability in the writeLogEntry function in system/vcronproc.php in PHPizabi 0.848b C1 HFP1, when registerglobals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONFCRONLOGFILE parameter and file contents in the...

9.3CVSS8.1AI score0.05165EPSS
Exploits7References5Affected Software1
Prion
Prion
•added 2023/07/10 4:15 p.m.•73 views

Command injection

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...

1.9CVSS5.3AI score0.65692EPSS
Exploits0References5Affected Software3
Prion
Prion
•added 2023/03/31 4:15 a.m.•73 views

Authentication flaw

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

5CVSS5.5AI score0.02452EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2023/01/10 2:15 a.m.•73 views

Design/Logic Flaw

workers/extractor.py in Pandora aka pandora-analysis/pandora 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive aka ZIP bomb...

4.3CVSS6.3AI score0.00617EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/07/14 12:15 p.m.•73 views

Design/Logic Flaw

Best Practical Request Tracker RT before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment...

5.8CVSS5.9AI score0.00604EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2008/07/22 4:41 p.m.•73 views

Code injection

OpenSSH before 5.1 sets the SOREUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform...

1.2CVSS6.3AI score0.00328EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2023/09/12 5:15 p.m.•72 views

Privilege escalation

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability...

4.3CVSS7.5AI score0.261EPSS
Exploits4References1Affected Software5
Prion
Prion
•added 2023/04/19 12:15 a.m.•72 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...

4.9CVSS5.6AI score0.00567EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2023/04/10 2:15 p.m.•72 views

Input validation

Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...

2.6CVSS5.7AI score0.00434EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2022/12/13 7:15 p.m.•72 views

Remote code execution

Windows Terminal Remote Code Execution Vulnerability...

4.4CVSS7.8AI score0.01365EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/08/06 6:15 p.m.•72 views

Design/Logic Flaw

Exim before 4.96 has an invalid free in pamconverse in auths/callpam.c because storefree is not used after storemalloc...

5CVSS7.6AI score0.02551EPSS
Exploits2References10Affected Software2
Prion
Prion
•added 2024/02/14 3:15 p.m.•71 views

Cross site scripting

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS6.3AI score0.00424EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2023/10/17 10:15 p.m.•71 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

3.3CVSS4.6AI score0.00925EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/09/04 6:15 p.m.•71 views

Design/Logic Flaw

hyper-bump-it is a command line tool for updating the version in project files.hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...

1.9CVSS5.4AI score0.00336EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2023/07/20 6:15 a.m.•71 views

Code injection

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers...

5CVSS5.7AI score0.00487EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2023/06/14 5:15 p.m.•71 views

Privilege escalation

A local privilege escalation PE vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges...

4.3CVSS7.8AI score0.0018EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2023/01/18 12:15 a.m.•71 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.7CVSS5.6AI score0.00796EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2022/12/07 5:15 p.m.•71 views

Design/Logic Flaw

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

5CVSS7.3AI score0.0119EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2022/09/21 11:15 a.m.•71 views

Buffer overflow

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process...

6.4CVSS8AI score0.01073EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/09/21 11:15 a.m.•71 views

Code injection

By sending specific queries to the resolver, an attacker can cause named to crash...

5CVSS7.3AI score0.01555EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2022/08/07 6:15 p.m.•71 views

Heap overflow

Exim before 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...

7.5CVSS9.6AI score0.0292EPSS
Exploits1References7Affected Software2
Prion
Prion
•added 2022/02/27 8:15 a.m.•71 views

Memory corruption

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in...

6.8CVSS9.2AI score0.03002EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2019/02/20 3:29 a.m.•71 views

Remote code execution

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

6.5CVSS7.4AI score0.91985EPSS
Exploits10References9Affected Software2
Total number of security vulnerabilities5000