Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/04/27 6:15 a.m.•42 views

Design/Logic Flaw

DISPUTED Unbound before 1.9.5 allows an assertion failure and denial of service in synthcname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

5CVSS8.3AI score0.01989EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/04/26 5:15 p.m.•42 views

Design/Logic Flaw

Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.09401EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2021/04/23 6:15 p.m.•42 views

Input validation

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

6.8CVSS7.9AI score0.99981EPSS
Exploits39References14Affected Software3
Prion
Prion
•added 2021/04/22 10:15 p.m.•42 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.5CVSS4.3AI score0.01925EPSS
Exploits0References5Affected Software3
Prion
Prion
•added 2021/04/22 10:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.0278EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/04/15 8:15 a.m.•42 views

Remote code execution

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS9.8AI score0.94089EPSS
Exploits5References3Affected Software1
Prion
Prion
•added 2021/04/02 6:15 p.m.•42 views

Type confusion

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to...

6.8CVSS8.9AI score0.14542EPSS
Exploits0References8Affected Software8
Prion
Prion
•added 2021/03/25 3:15 p.m.•42 views

Null pointer dereference

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...

4.3CVSS6.5AI score0.62906EPSS
Exploits3References28Affected Software68
Prion
Prion
•added 2021/03/03 12:15 a.m.•42 views

Remote code execution

Microsoft Exchange Server Remote Code Execution Vulnerability...

6.8CVSS8AI score0.94008EPSS
Exploits5References1Affected Software1
Prion
Prion
•added 2021/01/18 8:15 p.m.•42 views

Directory traversal

Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...

5CVSS7.3AI score0.70595EPSS
Exploits2References10Affected Software4
Prion
Prion
•added 2020/12/03 5:15 p.m.•42 views

Cross site scripting

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

4.3CVSS6AI score0.03934EPSS
Exploits1References8Affected Software6
Prion
Prion
•added 2020/10/21 3:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromi...

6.8CVSS5.1AI score0.0178EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/10/16 5:15 p.m.•42 views

Null pointer dereference

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra...

7.5CVSS9.3AI score0.02743EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2020/09/23 1:15 p.m.•42 views

Design/Logic Flaw

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS5.8AI score0.02712EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2020/09/03 11:15 p.m.•42 views

Design/Logic Flaw

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service Segmentation fault or possibly have unspecified other impact...

6.8CVSS8AI score0.01055EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/08/19 1:15 p.m.•42 views

Code injection

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...

3.6CVSS6.4AI score0.00361EPSS
Exploits0References10Affected Software5
Prion
Prion
•added 2020/07/30 9:15 p.m.•42 views

Design/Logic Flaw

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...

4.3CVSS4.8AI score0.05228EPSS
Exploits0References15Affected Software9
Prion
Prion
•added 2020/07/29 8:15 p.m.•42 views

Buffer overflow

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...

4.4CVSS6.7AI score0.00436EPSS
Exploits0References10Affected Software2
Prion
Prion
•added 2020/07/15 6:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6.1AI score0.02237EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2020/07/14 11:15 p.m.•42 views

Remote code execution

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407...

9.3CVSS7.9AI score0.2383EPSS
Exploits0References2Affected Software5
Prion
Prion
•added 2020/07/14 3:15 p.m.•42 views

Denial of service

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

5CVSS7.2AI score0.87553EPSS
Exploits1References17Affected Software18
Prion
Prion
•added 2020/07/14 1:15 p.m.•42 views

Authentication flaw

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

10CVSS10AI score0.94719EPSS
Exploits6References5Affected Software1
Prion
Prion
•added 2020/06/23 10:15 p.m.•42 views

Authentication flaw

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.3CVSS9.5AI score0.29157EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2020/06/09 8:15 p.m.•42 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266,...

4.6CVSS7.5AI score0.15932EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/04/01 4:15 a.m.•42 views

Code injection

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

4.3CVSS6.1AI score0.02767EPSS
Exploits1References8Affected Software4
Prion
Prion
•added 2020/03/06 5:15 p.m.•42 views

Remote code execution

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets...

10CVSS9.7AI score0.99941EPSS
Exploits6References6Affected Software1
Prion
Prion
•added 2020/02/27 9:15 p.m.•42 views

Information disclosure

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

6.4CVSS8.6AI score0.03976EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2019/12/27 2:15 p.m.•42 views

Directory traversal

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...

7.5CVSS9.5AI score0.99999EPSS
Exploits48References10Affected Software3
Prion
Prion
•added 2019/11/25 5:15 p.m.•42 views

Heap overflow

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

5CVSS8.5AI score0.02942EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2019/07/23 11:15 p.m.•42 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS4.8AI score0.02008EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2019/05/16 7:29 p.m.•42 views

Remote code execution

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-089...

9.3CVSS8AI score0.2021EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2019/05/08 5:29 p.m.•42 views

Arbitrary file deletion

In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability...

7.5CVSS9.5AI score0.99999EPSS
Exploits22References11Affected Software1
Prion
Prion
•added 2019/03/05 11:29 p.m.•42 views

Remote code execution

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604...

6.5CVSS9.5AI score0.99913EPSS
Exploits29References2Affected Software3
Prion
Prion
•added 2019/01/16 7:30 p.m.•42 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: PS. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4CVSS6AI score0.03004EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2018/11/07 2:29 p.m.•42 views

Design/Logic Flaw

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

5.8CVSS6.4AI score0.09801EPSS
Exploits1References14Affected Software5
Prion
Prion
•added 2018/10/17 1:31 a.m.•42 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Logging. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

3.5CVSS5AI score0.02453EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2018/07/13 8:29 p.m.•42 views

Code injection

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...

4.6CVSS7.4AI score0.00455EPSS
Exploits0References2
Prion
Prion
•added 2018/06/12 12:29 p.m.•42 views

Design/Logic Flaw

In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to creat...

6.8CVSS7.3AI score0.02342EPSS
Exploits0References12Affected Software2
Prion
Prion
•added 2018/06/11 9:29 p.m.•42 views

Integer overflow

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...

7.5CVSS6.5AI score0.05542EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2018/06/04 4:29 p.m.•42 views

Remote code execution

healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if t...

9.3CVSS7.8AI score0.01752EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2018/03/13 4:29 p.m.•42 views

Design/Logic Flaw

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash...

3.3CVSS6AI score0.06691EPSS
Exploits0References18Affected Software6
Prion
Prion
•added 2018/02/06 3:29 p.m.•42 views

Deserialization of untrusted data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

7.5CVSS9.1AI score0.37925EPSS
Exploits7References60Affected Software17
Prion
Prion
•added 2017/12/04 8:29 a.m.•42 views

Integer overflow

The dumprelocsinsection function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service excessive memory allocation, or heap-based buffer overflow and application crash or possibly have unspecified other...

6.8CVSS8AI score0.01885EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2017/08/23 5:29 p.m.•42 views

Code injection

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

7.5CVSS9.7AI score0.83476EPSS
Exploits8References4Affected Software1
Prion
Prion
•added 2017/06/15 1:29 a.m.•42 views

Remote code execution

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK fil...

9.3CVSS8.6AI score0.90026EPSS
Exploits20References5Affected Software4
Prion
Prion
•added 2016/12/13 4:59 p.m.•42 views

Heap overflow

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...

7.5CVSS8.2AI score0.09157EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2016/09/25 10:59 a.m.•42 views

Design/Logic Flaw

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

7.5CVSS7.5AI score0.55724EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2016/09/25 10:59 a.m.•42 views

Memory corruption

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767,...

6.8CVSS8.7AI score0.02065EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2016/08/07 10:59 a.m.•42 views

Integer overflow

Integer overflow in the SplFileObject::fread function in spldirectory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096...

7.5CVSS9.2AI score0.07337EPSS
Exploits2References12Affected Software4
Prion
Prion
•added 2016/05/16 10:59 a.m.•42 views

Integer overflow

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...

7.5CVSS8.3AI score0.20837EPSS
Exploits2References13Affected Software9
Total number of security vulnerabilities5000