Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2020/11/06 8:15 a.m.39 views

Input validation

An issue was discovered in ioapiclazyupdateeoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9...

2.1CVSS5.8AI score0.00562EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2020/10/21 3:15 p.m.39 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6.8CVSS5.1AI score0.0288EPSS
Exploits0References7Affected Software5
Prion
Prion
added 2020/10/12 11:15 a.m.39 views

Buffer overflow

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 versio...

7.5CVSS9.8AI score0.26869EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/09/02 8:15 p.m.39 views

Information disclosure

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system...

4.4CVSS7.5AI score0.00432EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/09/01 9:15 p.m.39 views

Design/Logic Flaw

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...

5.5CVSS9.3AI score0.00445EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/08/21 9:15 p.m.39 views

Code injection

In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abu...

4CVSS5.5AI score0.0364EPSS
Exploits0References10Affected Software5
Prion
Prion
added 2020/08/17 5:15 p.m.39 views

Design/Logic Flaw

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage...

5CVSS5.4AI score0.01793EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/07/15 6:15 p.m.39 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

3.5CVSS5.1AI score0.02221EPSS
Exploits0References7Affected Software4
Prion
Prion
added 2020/07/14 11:15 p.m.39 views

Remote code execution

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

6.8CVSS7.9AI score0.94243EPSS
Exploits10References5Affected Software6
Prion
Prion
added 2020/06/29 6:15 p.m.39 views

Design/Logic Flaw

The web interface of Maipu MP1800X-50 7.5.3.14R devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime...

5CVSS6.3AI score0.99876EPSS
Exploits20References1Affected Software1
Prion
Prion
added 2020/06/17 11:15 a.m.39 views

Double free

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free...

6.4CVSS8.9AI score0.1285EPSS
Exploits1References11Affected Software1
Prion
Prion
added 2020/06/09 8:15 p.m.39 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266,...

9.3CVSS7.5AI score0.15932EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/01/13 7:15 p.m.39 views

Design/Logic Flaw

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions...

2.1CVSS5.4AI score0.00354EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2019/12/23 5:15 p.m.39 views

Session fixation

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

5.1CVSS7.5AI score0.10687EPSS
Exploits0References19Affected Software11
Prion
Prion
added 2019/11/21 9:15 p.m.39 views

Heap overflow

An issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as fetchrangequantifier in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read...

5CVSS8.3AI score0.06889EPSS
Exploits1References8Affected Software3
Prion
Prion
added 2019/11/14 8:15 p.m.39 views

Input validation

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

4.9CVSS6.3AI score0.00915EPSS
Exploits0References16Affected Software23
Prion
Prion
added 2019/11/14 7:15 p.m.39 views

Design/Logic Flaw

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

2.1CVSS6.3AI score0.03133EPSS
Exploits0References30Affected Software38
Prion
Prion
added 2019/11/04 4:15 p.m.39 views

Race condition

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during...

6.9CVSS6.6AI score0.00985EPSS
Exploits1References14Affected Software5
Prion
Prion
added 2019/10/16 6:15 p.m.39 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS4.8AI score0.02327EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2019/10/16 6:15 p.m.39 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4CVSS6.1AI score0.01885EPSS
Exploits0References6Affected Software3
Prion
Prion
added 2019/08/14 9:15 p.m.39 views

Remote code execution

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. Th...

10CVSS9.6AI score0.75194EPSS
Exploits0References3Affected Software5
Prion
Prion
added 2019/08/14 5:15 p.m.39 views

Code injection

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

4.8CVSS8.5AI score0.02691EPSS
Exploits2References30Affected Software62
Prion
Prion
added 2019/07/23 11:15 p.m.39 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4CVSS4.8AI score0.02008EPSS
Exploits0References5Affected Software6
Prion
Prion
added 2019/06/29 2:15 p.m.39 views

Open redirect

modauthmellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL...

4.3CVSS6.2AI score0.01423EPSS
Exploits0References6Affected Software4
Prion
Prion
added 2019/06/17 6:15 p.m.39 views

Design/Logic Flaw

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which allows the device to create relay ports a...

9CVSS7.8AI score0.0356EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2019/05/07 6:29 p.m.39 views

Default credentials

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission HTTP of user credentials by default...

5CVSS9.4AI score0.0111EPSS
Exploits0References2Affected Software29
Prion
Prion
added 2019/04/30 7:29 p.m.39 views

Design/Logic Flaw

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program...

3.6CVSS7.7AI score0.01254EPSS
Exploits0References7Affected Software5
Prion
Prion
added 2019/03/25 7:29 p.m.39 views

Path traversal

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10CVSS9.8AI score0.99913EPSS
Exploits20References5Affected Software2
Prion
Prion
added 2019/03/23 6:29 p.m.39 views

Crlf injection

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

4.3CVSS7.4AI score0.05406EPSS
Exploits2References21Affected Software1
Prion
Prion
added 2019/03/09 12:29 a.m.39 views

Design/Logic Flaw

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the datalen variable...

5CVSS8.3AI score0.08202EPSS
Exploits1References13Affected Software5
Prion
Prion
added 2019/01/16 7:30 p.m.39 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Connection Handling. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical...

3.8CVSS6.1AI score0.02487EPSS
Exploits0References8Affected Software10
Prion
Prion
added 2019/01/08 8:29 p.m.39 views

Code injection

SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

7.5CVSS9.3AI score0.01272EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/10/18 1:29 p.m.39 views

Design/Logic Flaw

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. This vulnerability only affects Firefox for...

5CVSS5.6AI score0.01681EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2018/10/17 1:31 a.m.39 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

4CVSS6.3AI score0.029EPSS
Exploits0References9Affected Software6
Prion
Prion
added 2018/10/17 1:31 a.m.39 views

Code injection

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: SMB Server. The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks of this...

4CVSS3.9AI score0.02006EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/10/17 1:31 a.m.39 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.4AI score0.01423EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2018/09/25 12:29 a.m.39 views

Code injection

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

5CVSS6.7AI score0.10911EPSS
Exploits0References16Affected Software8
Prion
Prion
added 2018/07/18 3:29 p.m.39 views

Design/Logic Flaw

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image...

6.8CVSS6.3AI score0.02252EPSS
Exploits0References12Affected Software4
Prion
Prion
added 2018/06/26 4:29 p.m.39 views

Heap overflow

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been...

7.5CVSS9.5AI score0.32381EPSS
Exploits0References4Affected Software3
Prion
Prion
added 2018/06/14 12:29 p.m.39 views

Security feature bypass

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

4.6CVSS5.2AI score0.02048EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2018/03/27 4:29 p.m.39 views

Cross site scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...

4.3CVSS6.1AI score0.23717EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2018/03/26 3:29 p.m.39 views

Design/Logic Flaw

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...

5CVSS8.3AI score0.18197EPSS
Exploits0References27Affected Software4
Prion
Prion
added 2018/03/26 3:29 p.m.39 views

Design/Logic Flaw

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

3.5CVSS6.9AI score0.10118EPSS
Exploits0References26Affected Software4
Prion
Prion
added 2018/03/19 6:29 p.m.39 views

Buffer overflow

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial ...

5CVSS7.7AI score0.13954EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2018/03/05 11:29 p.m.39 views

Code injection

DISPUTED The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service assertion failure because pixels = 130 may be false. Note: “OpenCV CVAssert is not an assertion C-like assert, it is regular C++ exception which...

5CVSS7.4AI score0.02313EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/02/12 5:29 p.m.39 views

Design/Logic Flaw

In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems where rhshellfix was enabled, and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by th...

9CVSS6.9AI score0.01668EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/01/23 4:29 p.m.39 views

Design/Logic Flaw

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...

5CVSS7.4AI score0.02697EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/11/22 10:29 p.m.39 views

Privilege escalation

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...

4.6CVSS7AI score0.00392EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2017/11/15 3:29 a.m.39 views

Memory corruption

Microsoft Excel 2016 Click-to-Run C2R allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...

9.3CVSS7.9AI score0.99945EPSS
Exploits33References3Affected Software1
Prion
Prion
added 2017/09/13 1:29 a.m.39 views

Remote code execution

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."...

9.3CVSS8AI score0.88698EPSS
Exploits14References7Affected Software1
Total number of security vulnerabilities5000