Prion • Most viewed

213680 matches found

Prion
• added 2022/03/25 7:15 p.m. • 36 views

Design/Logic Flaw

A use-after-free read flaw was found in sock_getsockopt in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information...

CVSS 4.9 • AI score 6.7 • EPSS 0.01747
Exploits: 1 • References: 6 • Affected Software: 5
Prion
• added 2022/03/23 6:15 a.m. • 36 views

Heap overflow

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVSS 4.6 • AI score 7.7 • EPSS 0.05524
Exploits: 2 • References: 5 • Affected Software: 5
Prion
• added 2022/03/13 12:15 a.m. • 36 views

Design/Logic Flaw

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...

CVSS 1.9 • AI score 6.2 • EPSS 0.00495
Exploits: 0 • References: 5 • Affected Software: 1
Prion
• added 2022/03/04 6:15 p.m. • 36 views

Integer overflow

A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability...

CVSS 7.1 • AI score 5.3 • EPSS 0.00913
Exploits: 0 • References: 4 • Affected Software: 2
Prion
• added 2022/03/03 7:15 p.m. • 36 views

Design/Logic Flaw

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly...

CVSS 6.9 • AI score 7.9 • EPSS 0.05528
Exploits: 12 • References: 10 • Affected Software: 19
Prion
• added 2022/02/18 6:15 p.m. • 36 views

Stack overflow

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

CVSS 2.1 • AI score 5.2 • EPSS 0.00312
Exploits: 1 • References: 3 • Affected Software: 1
Prion
• added 2022/02/11 6:15 p.m. • 36 views

Null pointer dereference

Null source pointer passed as an argument to memcpy function within TIFFReadDirectory in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c...

CVSS 4.3 • AI score 5.8 • EPSS 0.0125
Exploits: 1 • References: 8 • Affected Software: 3
Prion
• added 2022/02/11 6:15 a.m. • 36 views

Memory corruption

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c...

CVSS 2.1 • AI score 5.5 • EPSS 0.00428
Exploits: 0 • References: 5 • Affected Software: 2
Prion
• added 2022/01/19 12:15 p.m. • 36 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

CVSS 5 • AI score 4.7 • EPSS 0.02755
Exploits: 0 • References: 6 • Affected Software: 6
Prion
• added 2022/01/19 12:15 p.m. • 36 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...

CVSS 4 • AI score 5.6 • EPSS 0.02621
Exploits: 0 • References: 3 • Affected Software: 1
Prion
• added 2021/12/28 8:15 p.m. • 36 views

Remote code execution

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is...

CVSS 8.5 • AI score 7.2 • EPSS 0.97906
Exploits: 9 • References: 12 • Affected Software: 22
Prion
• added 2021/12/18 12:15 p.m. • 36 views

Code injection

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

CVSS 4.3 • AI score 7.5 • EPSS 0.99999
Exploits: 20 • References: 13 • Affected Software: 115
Prion
• added 2021/12/17 8:15 p.m. • 36 views

Buffer overflow

DISPUTED Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can onl...

CVSS 2.1 • AI score 5.4 • EPSS 0.00368
Exploits: 1 • References: 2 • Affected Software: 1
Prion
• added 2021/12/15 7:15 p.m. • 36 views

Remote code execution

In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12...

CVSS 10 • AI score 9 • EPSS 0.01602
Exploits: 0 • References: 1 • Affected Software: 1
Prion
• added 2021/12/14 4:15 p.m. • 36 views

Design/Logic Flaw

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data...

CVSS 4.3 • AI score 6.1 • EPSS 0.22318
Exploits: 3 • References: 4 • Affected Software: 1
Prion
• added 2021/12/07 7:15 p.m. • 36 views

Server side request forgery (ssrf)

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly...

CVSS 4 • AI score 6.3 • EPSS 0.00849
Exploits: 0 • References: 1 • Affected Software: 1
Prion
• added 2021/12/07 2:15 p.m. • 36 views

Design/Logic Flaw

An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

CVSS 4.3 • AI score 7.3 • EPSS 0.00894
Exploits: 0 • References: 1 • Affected Software: 3
Prion
• added 2021/11/02 9:15 p.m. • 36 views

Design/Logic Flaw

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows...

CVSS 4.3 • AI score 7.3 • EPSS 0.01416
Exploits: 0 • References: 4 • Affected Software: 3
Prion
• added 2021/10/13 1:15 a.m. • 36 views

Remote code execution

Microsoft SharePoint Server Remote Code Execution Vulnerability...

CVSS 6.5 • AI score 8.1 • EPSS 0.46339
Exploits: 0 • References: 2 • Affected Software: 3
Prion
• added 2021/10/04 6:15 p.m. • 36 views

Authentication flaw

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol RESP request, Redis allocates memory according to user-specified values which determine the number of elements in the multi-bulk header and size of each element in the bulk header. ...

CVSS 5 • AI score 7.9 • EPSS 0.1578
Exploits: 0 • References: 10 • Affected Software: 4
Prion
• added 2021/09/15 10:15 p.m. • 36 views

Authentication flaw

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

CVSS 10 • AI score 9.5 • EPSS 0.99556
Exploits: 9 • References: 3 • Affected Software: 18
Prion
• added 2021/09/08 3:15 p.m. • 36 views

Code injection

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution...

CVSS 6.8 • AI score 7.7 • EPSS 0.01142
Exploits: 0 • References: 5 • Affected Software: 6
Prion
• added 2021/08/26 7:15 p.m. • 36 views

Authentication flaw

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

CVSS 5.8 • AI score 7.6 • EPSS 0.00895
Exploits: 0 • References: 3 • Affected Software: 1
Prion
• added 2021/08/18 8:15 p.m. • 36 views

Code injection

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrec...

CVSS 9 • AI score 7.2 • EPSS 0.02395
Exploits: 0 • References: 1 • Affected Software: 2
Prion
• added 2021/07/16 9:15 p.m. • 36 views

Remote code execution

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

CVSS 7.5 • AI score 9.2 • EPSS 0.45423
Exploits: 1 • References: 1 • Affected Software: 4
Prion
• added 2021/07/01 3:15 a.m. • 36 views

Design/Logic Flaw

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission called from cil_reset_classperms_set and cil_reset_classperms_list...

CVSS 2.1 • AI score 6.3 • EPSS 0.00592
Exploits: 1 • References: 4 • Affected Software: 1
Prion
• added 2021/06/11 4:15 p.m. • 36 views

Code injection

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 4.3 • AI score 5.4 • EPSS 0.02979
Exploits: 1 • References: 8 • Affected Software: 9
Prion
• added 2021/06/10 7:15 a.m. • 36 views

Stack overflow

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

CVSS 6.8 • AI score 8 • EPSS 0.53191
Exploits: 0 • References: 12 • Affected Software: 6
Prion
• added 2021/06/01 2:15 p.m. • 36 views

Cross site scripting

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery i...

CVSS 3.5 • AI score 5.3 • EPSS 0.04609
Exploits: 6 • References: 1 • Affected Software: 1
Prion
• added 2021/06/01 2:15 p.m. • 36 views

Design/Logic Flaw

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability...

CVSS 6.8 • AI score 8.2 • EPSS 0.0199
Exploits: 1 • References: 9 • Affected Software: 5
Prion
• added 2021/05/26 3:15 p.m. • 36 views

Remote code execution

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

CVSS 10 • AI score 9.8 • EPSS 0.99999
Exploits: 13 • References: 3 • Affected Software: 2
Prion
• added 2021/05/17 5:15 p.m. • 36 views

Design/Logic Flaw

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...

CVSS 4.3 • AI score 6.5 • EPSS 0.01627
Exploits: 0 • References: 6 • Affected Software: 4
Prion
• added 2021/05/14 8:15 p.m. • 36 views

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

CVSS 4.6 • AI score 7.7 • EPSS 0.00234
Exploits: 1 • References: 3 • Affected Software: 1
Prion
• added 2021/05/12 3:15 p.m. • 36 views

Design/Logic Flaw

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...

CVSS 4.6 • AI score 6.9 • EPSS 0.00299
Exploits: 0 • References: 1 • Affected Software: 1
Prion
• added 2021/05/07 12:15 p.m. • 36 views

Remote code execution

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance...

CVSS 7.5 • AI score 9.7 • EPSS 0.01981
Exploits: 0 • References: 1 • Affected Software: 1
Prion
• added 2021/05/06 1:15 p.m. • 36 views

Race condition

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...

CVSS 6.3 • AI score 6.8 • EPSS 0.00984
Exploits: 4 • References: 1 • Affected Software: 1
Prion
• added 2021/05/05 10:15 a.m. • 36 views

Default configuration

An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permission...

CVSS 2.1 • AI score 3.6 • EPSS 0.00268
Exploits: 0 • References: 4 • Affected Software: 2
Prion
• added 2021/04/26 5:15 p.m. • 36 views

Input validation

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 6.8 • AI score 8.6 • EPSS 0.70435
Exploits: 6 • References: 8 • Affected Software: 2
Prion
• added 2021/04/26 5:15 p.m. • 36 views

Type confusion

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS 6.8 • AI score 8.8 • EPSS 0.57736
Exploits: 1 • References: 7 • Affected Software: 3
Prion
• added 2021/03/19 4:15 a.m. • 36 views

Heap overflow

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654...

CVSS 7.5 • AI score 9.4 • EPSS 0.02281
Exploits: 0 • References: 2 • Affected Software: 1
Prion
• added 2021/03/05 6:15 p.m. • 36 views

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations as a result of changes to the handling of grant mapping errors. A host OS denial of service may occur during...

CVSS 4.9 • AI score 5.9 • EPSS 0.00708
Exploits: 0 • References: 5 • Affected Software: 2
Prion
• added 2021/03/03 5:15 p.m. • 36 views

Design/Logic Flaw

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that...

CVSS 7.2 • AI score 7.1 • EPSS 0.00573
Exploits: 0 • References: 4 • Affected Software: 7
Prion
• added 2021/02/25 8:15 p.m. • 36 views

Integer overflow

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in Do...

CVSS 2.1 • AI score 3.9 • EPSS 0.00587
Exploits: 1 • References: 5 • Affected Software: 3
Prion
• added 2021/02/24 5:15 p.m. • 36 views

Heap overflow

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

CVSS 5.8 • AI score 8.8 • EPSS 0.45063
Exploits: 7 • References: 3 • Affected Software: 2
Prion
• added 2021/02/09 6:15 p.m. • 36 views

Buffer overflow

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

CVSS 5 • AI score 5.5 • EPSS 0.01555
Exploits: 0 • References: 4 • Affected Software: 2
Prion
• added 2021/02/03 5:15 p.m. • 36 views

Stack overflow

The function AES_UnWRAP in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 up to and excluding 2.08 does not validate the size parameter for a memcpy operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An...

CVSS 6.8 • AI score 8.4 • EPSS 0.02636
Exploits: 1 • References: 1 • Affected Software: 1
Prion
• added 2021/02/02 7:15 a.m. • 36 views

Directory traversal

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

CVSS 5 • AI score 5.4 • EPSS 0.07605
Exploits: 1 • References: 5 • Affected Software: 2
Prion
• added 2021/01/29 5:15 p.m. • 36 views

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458...

CVSS 7.2 • AI score 7.3 • EPSS 0.01377
Exploits: 1 • References: 19 • Affected Software: 3
Prion
• added 2021/01/26 6:15 p.m. • 36 views

Heap overflow

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...

CVSS 6.8 • AI score 8.1 • EPSS 0.02008
Exploits: 1 • References: 6 • Affected Software: 2
Prion
• added 2021/01/21 10:15 a.m. • 36 views

Improper access control

Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

CVSS 10 • AI score 9.3 • EPSS 0.01085
Exploits: 0 • References: 2
Total number of security vulnerabilities: 5000