Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2021/04/22 10:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS4.8AI score0.02072EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/03/03 5:15 p.m.•36 views

Design/Logic Flaw

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that...

7.2CVSS7.1AI score0.00573EPSS
Exploits0References4Affected Software7
Prion
Prion
•added 2021/02/24 5:15 p.m.•36 views

Heap overflow

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

5.8CVSS8.8AI score0.45063EPSS
Exploits7References3Affected Software2
Prion
Prion
•added 2021/02/09 6:15 p.m.•36 views

Buffer overflow

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

5CVSS5.5AI score0.01555EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/02/03 5:15 p.m.•36 views

Stack overflow

The function AESUnWRAP in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 up to and excluding 2.08 does not validate the size parameter for a memcpy operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An...

6.8CVSS8.4AI score0.02636EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2021/02/02 7:15 a.m.•36 views

Directory traversal

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5CVSS5.4AI score0.07605EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2021/01/29 5:15 p.m.•36 views

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458...

7.2CVSS7.3AI score0.01377EPSS
Exploits1References19Affected Software3
Prion
Prion
•added 2021/01/21 10:15 a.m.•36 views

Improper access control

Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

10CVSS9.3AI score0.01085EPSS
Exploits0References2
Prion
Prion
•added 2021/01/20 8:15 p.m.•36 views

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...

6.8CVSS8.8AI score0.00836EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2021/01/20 3:15 p.m.•36 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.3CVSS4.3AI score0.01722EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/01/18 12:15 p.m.•36 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 instead of this candidate. All references and descriptions in this candidate have been removed t...

7.5AI score0.35963EPSS
Exploits1
Prion
Prion
•added 2021/01/12 9:15 a.m.•36 views

Heap overflow

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode...

6.8CVSS9.2AI score0.01789EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2020/12/02 1:15 a.m.•36 views

Memory corruption

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERFEVENTIOCSETFILTER. A local user could use this flaw to starve the resources causing denial of service...

4.9CVSS5.6AI score0.00348EPSS
Exploits0References6Affected Software4
Prion
Prion
•added 2020/11/17 4:15 p.m.•36 views

Design/Logic Flaw

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

9.3CVSS7.3AI score0.02687EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/10/12 11:15 a.m.•36 views

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...

4.3CVSS6AI score0.01063EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/09/30 9:15 p.m.•36 views

Design/Logic Flaw

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

5.5CVSS7.8AI score0.02001EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/09/15 7:15 p.m.•36 views

Remote code execution

Yii 2 yiisoft/yii2 before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory...

7.5CVSS9.6AI score0.78759EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/09/11 5:15 p.m.•36 views

Remote code execution

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or...

9.3CVSS8AI score0.04664EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2020/09/10 2:15 a.m.•36 views

Design/Logic Flaw

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd-norefcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature...

7.2CVSS7.1AI score0.00965EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2020/09/01 9:15 p.m.•36 views

Remote code execution

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this...

7.5CVSS9.9AI score0.06172EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/08/21 9:15 p.m.•36 views

Design/Logic Flaw

In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...

4.3CVSS7.2AI score0.06348EPSS
Exploits0References11Affected Software6
Prion
Prion
•added 2020/07/14 6:15 p.m.•36 views

Design/Logic Flaw

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her...

7.2CVSS7.7AI score0.00342EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/07/13 5:15 p.m.•36 views

Design/Logic Flaw

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...

2.1CVSS6.4AI score0.03133EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2020/07/13 1:15 p.m.•36 views

Input validation

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpax lacks header validation...

5CVSS7.4AI score0.06304EPSS
Exploits0References27Affected Software7
Prion
Prion
•added 2020/07/09 6:15 p.m.•36 views

Design/Logic Flaw

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...

7.5CVSS9.1AI score0.11138EPSS
Exploits0References17Affected Software1
Prion
Prion
•added 2020/06/17 5:15 p.m.•36 views

Code injection

ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device...

4.6CVSS7.8AI score0.00496EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2020/06/02 2:15 p.m.•36 views

Out-of-bounds

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation...

4.6CVSS5.9AI score0.00421EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2020/04/30 5:15 p.m.•36 views

Authentication flaw

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...

7.5CVSS8.5AI score0.96405EPSS
Exploits24References11Affected Software5
Prion
Prion
•added 2020/04/29 6:15 p.m.•36 views

Design/Logic Flaw

usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925...

7.2CVSS6.4AI score0.00802EPSS
Exploits1References17Affected Software2
Prion
Prion
•added 2020/04/28 3:15 p.m.•36 views

Remote code execution

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

7.5CVSS9.6AI score0.9927EPSS
Exploits45References5Affected Software1
Prion
Prion
•added 2020/04/27 1:15 p.m.•36 views

Cross site scripting

Grafana version 6.7.3 is vulnerable for annotation popup XSS...

4.3CVSS6.3AI score0.0148EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/04/15 3:15 p.m.•36 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could...

6.8CVSS8.3AI score0.69166EPSS
Exploits1References2Affected Software5
Prion
Prion
•added 2020/04/15 2:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4CVSS4.8AI score0.02513EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2020/04/15 2:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4CVSS4.8AI score0.02199EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2020/04/01 9:15 p.m.•36 views

Code injection

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

4CVSS6.6AI score0.0236EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/03/02 4:15 p.m.•36 views

Cross site scripting

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

4CVSS6.5AI score0.02487EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2020/02/12 8:15 p.m.•36 views

Stack overflow

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion...

7.8CVSS6.9AI score0.06485EPSS
Exploits3References4Affected Software4
Prion
Prion
•added 2020/02/12 3:15 p.m.•36 views

Improper access control

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. This vulnerability does not...

4.4CVSS6.7AI score0.00457EPSS
Exploits0References15Affected Software5
Prion
Prion
•added 2020/02/11 10:15 p.m.•36 views

Remote code execution

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713,...

7.6CVSS7.7AI score0.86863EPSS
Exploits17References1Affected Software1
Prion
Prion
•added 2020/02/07 3:15 p.m.•36 views

Input validation

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate...

5CVSS8.1AI score0.20457EPSS
Exploits1References16Affected Software10
Prion
Prion
•added 2020/02/05 5:15 p.m.•36 views

Information disclosure

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...

2.9CVSS5.7AI score0.07709EPSS
Exploits9References13Affected Software3
Prion
Prion
•added 2020/01/23 3:15 p.m.•36 views

Cross site scripting

The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS...

4.3CVSS6AI score0.01058EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/01/16 9:15 p.m.•36 views

Heap overflow

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmfwowlndresults...

7.9CVSS7AI score0.03844EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2020/01/15 5:15 p.m.•36 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...

4.3CVSS5.4AI score0.0293EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2020/01/15 5:15 p.m.•36 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...

4.3CVSS5.4AI score0.03006EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2020/01/15 5:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.01878EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2019/12/18 6:15 p.m.•36 views

Memory corruption

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution...

6.8CVSS9.3AI score0.0172EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2019/12/18 6:15 p.m.•36 views

Memory corruption

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

9.3CVSS8.9AI score0.02054EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2019/12/02 2:15 a.m.•36 views

Default credentials

FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...

7.5CVSS9.5AI score0.28953EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2019/11/19 6:15 p.m.•36 views

Code injection

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...

6.8CVSS7.3AI score0.03212EPSS
Exploits1References7Affected Software3
Total number of security vulnerabilities5000