Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2020/12/26 4:15 a.m.39 views

Design/Logic Flaw

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

4.3CVSS7.6AI score0.12054EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2020/12/17 7:15 p.m.39 views

Unrestricted file upload

The contact-form-7 aka Contact Form 7 plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters...

10CVSS9.8AI score0.89626EPSS
Exploits4References5Affected Software1
Prion
Prion
added 2020/12/09 5:15 p.m.39 views

Design/Logic Flaw

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b...

7.2CVSS7.2AI score0.01129EPSS
Exploits2References11Affected Software4
Prion
Prion
added 2020/11/16 1:15 a.m.39 views

Design/Logic Flaw

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

6.8CVSS8AI score0.01574EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2020/10/12 11:15 a.m.39 views

Buffer overflow

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 versio...

7.5CVSS9.8AI score0.26869EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/09/02 8:15 p.m.39 views

Information disclosure

Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system...

4.4CVSS7.5AI score0.00432EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/09/01 9:15 p.m.39 views

Design/Logic Flaw

A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...

5.5CVSS9.3AI score0.00445EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/07/14 11:15 p.m.39 views

Remote code execution

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

6.8CVSS7.9AI score0.94243EPSS
Exploits10References5Affected Software6
Prion
Prion
added 2020/06/29 6:15 p.m.39 views

Design/Logic Flaw

The web interface of Maipu MP1800X-50 7.5.3.14R devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime...

5CVSS6.3AI score0.99876EPSS
Exploits20References1Affected Software1
Prion
Prion
added 2020/06/17 11:15 a.m.39 views

Double free

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free...

6.4CVSS8.9AI score0.1285EPSS
Exploits1References11Affected Software1
Prion
Prion
added 2020/04/15 2:15 p.m.39 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5CVSS5.5AI score0.03014EPSS
Exploits0References11Affected Software6
Prion
Prion
added 2019/12/23 5:15 p.m.39 views

Session fixation

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...

5.1CVSS7.5AI score0.10687EPSS
Exploits0References19Affected Software11
Prion
Prion
added 2019/11/14 8:15 p.m.39 views

Input validation

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

4.9CVSS6.3AI score0.00915EPSS
Exploits0References16Affected Software23
Prion
Prion
added 2019/10/29 7:15 p.m.39 views

Memory corruption

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled...

6.5CVSS8.5AI score0.01675EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/14 5:15 p.m.39 views

Code injection

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

4.8CVSS8.5AI score0.02691EPSS
Exploits2References30Affected Software62
Prion
Prion
added 2019/05/07 6:29 p.m.39 views

Default credentials

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission HTTP of user credentials by default...

5CVSS9.4AI score0.0111EPSS
Exploits0References2Affected Software29
Prion
Prion
added 2019/04/30 7:29 p.m.39 views

Design/Logic Flaw

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program...

3.6CVSS7.7AI score0.01254EPSS
Exploits0References7Affected Software5
Prion
Prion
added 2019/04/09 3:29 a.m.39 views

Privilege escalation

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797...

7.2CVSS7.7AI score0.53298EPSS
Exploits10References2Affected Software2
Prion
Prion
added 2019/03/25 7:29 p.m.39 views

Path traversal

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10CVSS9.8AI score0.99913EPSS
Exploits20References5Affected Software2
Prion
Prion
added 2019/03/23 6:29 p.m.39 views

Crlf injection

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

4.3CVSS7.4AI score0.05406EPSS
Exploits2References21Affected Software1
Prion
Prion
added 2018/10/17 1:31 a.m.39 views

Code injection

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: SMB Server. The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Solaris. Successful attacks of this...

4CVSS3.9AI score0.02006EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/10/17 1:31 a.m.39 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.4AI score0.01423EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2018/09/25 12:29 a.m.39 views

Code injection

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

5CVSS6.7AI score0.10911EPSS
Exploits0References16Affected Software8
Prion
Prion
added 2018/07/18 3:29 p.m.39 views

Design/Logic Flaw

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image...

6.8CVSS6.3AI score0.02252EPSS
Exploits0References12Affected Software4
Prion
Prion
added 2018/06/14 12:29 p.m.39 views

Security feature bypass

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

4.6CVSS5.2AI score0.02048EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2018/03/27 4:29 p.m.39 views

Cross site scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...

4.3CVSS6.1AI score0.23717EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2018/03/19 6:29 p.m.39 views

Buffer overflow

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial ...

5CVSS7.7AI score0.13954EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2018/03/14 5:29 p.m.39 views

Privilege escalation

The Desktop Bridge Virtual File System VFS in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability"...

7.2CVSS7.6AI score0.0348EPSS
Exploits2References4Affected Software2
Prion
Prion
added 2018/03/05 11:29 p.m.39 views

Code injection

DISPUTED The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service assertion failure because pixels = 130 may be false. Note: “OpenCV CVAssert is not an assertion C-like assert, it is regular C++ exception which...

5CVSS7.4AI score0.02313EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/02/12 5:29 p.m.39 views

Design/Logic Flaw

In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems where rhshellfix was enabled, and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by th...

9CVSS6.9AI score0.01668EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/01/23 4:29 p.m.39 views

Design/Logic Flaw

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...

5CVSS7.4AI score0.02697EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/11/15 3:29 a.m.39 views

Memory corruption

Microsoft Excel 2016 Click-to-Run C2R allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...

9.3CVSS7.9AI score0.99945EPSS
Exploits33References3Affected Software1
Prion
Prion
added 2017/09/13 1:29 a.m.39 views

Remote code execution

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."...

9.3CVSS8AI score0.88698EPSS
Exploits14References7Affected Software1
Prion
Prion
added 2017/07/27 9:29 p.m.39 views

Design/Logic Flaw

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

5CVSS7AI score0.13252EPSS
Exploits0References40Affected Software9
Prion
Prion
added 2017/07/10 2:29 p.m.39 views

Code injection

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/phpvariables.c...

7.8CVSS7.3AI score0.08255EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2017/07/05 1:29 a.m.39 views

Memory corruption

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAPdevicemap and GNTMAPhostmap mapping, which allows guest OS users to cause a denial of service count mismanagement and memory corruption or obtain privileged host OS access, aka XSA-224 bug 2...

10CVSS8.9AI score0.02549EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2017/05/12 8:29 p.m.39 views

Design/Logic Flaw

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...

7.5CVSS9.8AI score0.07191EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/03/27 5:59 p.m.39 views

Design/Logic Flaw

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...

5.8CVSS7.4AI score0.03514EPSS
Exploits2References7Affected Software1
Prion
Prion
added 2017/03/17 12:59 a.m.39 views

Remote code execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.99373EPSS
Exploits92References10Affected Software1
Prion
Prion
added 2017/01/13 4:59 p.m.39 views

Code injection

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service reject broadcast mode packets via the poll interval in a broadcast packet...

3.3CVSS6.8AI score0.03907EPSS
Exploits1References12Affected Software1
Prion
Prion
added 2017/01/13 9:59 a.m.39 views

Design/Logic Flaw

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.2CVSS7.7AI score0.00378EPSS
Exploits0References3
Prion
Prion
added 2017/01/04 8:59 p.m.39 views

Design/Logic Flaw

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

7.5CVSS9.8AI score0.46801EPSS
Exploits6References7Affected Software1
Prion
Prion
added 2016/12/13 9:59 p.m.39 views

Race condition

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster...

4.4CVSS6.2AI score0.04313EPSS
Exploits18References24Affected Software4
Prion
Prion
added 2016/08/07 10:59 a.m.39 views

Design/Logic Flaw

phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...

7.5CVSS9.7AI score0.0926EPSS
Exploits5References12Affected Software1
Prion
Prion
added 2016/08/07 10:59 a.m.39 views

Integer overflow

Multiple integer overflows in phpzip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted call to 1 getFromIndex or 2 getFromName in the ZipArchive...

7.5CVSS8.3AI score0.5851EPSS
Exploits5References7Affected Software1
Prion
Prion
added 2016/07/21 10:14 a.m.39 views

Buffer overflow

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598...

9.3CVSS8.3AI score0.0669EPSS
Exploits0References20Affected Software3
Prion
Prion
added 2016/05/22 1:59 a.m.39 views

Design/Logic Flaw

The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML data in the second argument,...

7.5CVSS8AI score0.06229EPSS
Exploits1References15Affected Software3
Prion
Prion
added 2016/05/16 10:59 a.m.39 views

Design/Logic Flaw

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple phpvarunserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service use-after-free via crafted session content...

7.5CVSS8.2AI score0.36992EPSS
Exploits3References6Affected Software1
Prion
Prion
added 2016/05/16 10:59 a.m.39 views

Code injection

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service application crash or possibly...

5CVSS8.4AI score0.0739EPSS
Exploits1References10Affected Software8
Prion
Prion
added 2016/05/16 10:59 a.m.39 views

Stack overflow

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TAR archive...

10CVSS8.3AI score0.10997EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000