Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2022/02/24 3:15 p.m.•36 views

Default credentials

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

6.5CVSS8.9AI score0.04123EPSS
Exploits0References10Affected Software6
Prion
Prion
•added 2022/02/18 6:15 p.m.•36 views

Stack overflow

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

2.1CVSS5.2AI score0.00312EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2022/02/18 5:15 a.m.•36 views

Stack overflow

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

4.3CVSS7.7AI score0.03268EPSS
Exploits0References10Affected Software6
Prion
Prion
•added 2022/02/11 6:15 a.m.•36 views

Memory corruption

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yamsiocdevprivate in drivers/net/hamradio/yam.c...

2.1CVSS5.5AI score0.00428EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2022/02/10 6:15 p.m.•36 views

Code injection

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed depending on your rules regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list EDL i...

4CVSS6.4AI score0.00663EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2022/01/30 3:15 p.m.•36 views

Design/Logic Flaw

Use After Free in GitHub repository vim/vim prior to 8.2...

6.8CVSS7.7AI score0.01395EPSS
Exploits1References7Affected Software3
Prion
Prion
•added 2022/01/19 12:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS4.8AI score0.01398EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•36 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS2.2AI score0.01386EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•36 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS2.2AI score0.01553EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•36 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5CVSS4.7AI score0.02755EPSS
Exploits0References6Affected Software6
Prion
Prion
•added 2022/01/18 4:15 p.m.•36 views

Deserialization of untrusted data

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

6CVSS9.1AI score0.81147EPSS
Exploits9References6Affected Software24
Prion
Prion
•added 2022/01/11 9:15 p.m.•36 views

Security feature bypass

Secure Boot Security Feature Bypass Vulnerability...

4.9CVSS6.4AI score0.06567EPSS
Exploits1References1Affected Software3
Prion
Prion
•added 2021/12/15 7:15 p.m.•36 views

Remote code execution

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

10CVSS9AI score0.01602EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/12/14 4:15 p.m.•36 views

Design/Logic Flaw

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data...

4.3CVSS6.1AI score0.22318EPSS
Exploits3References4Affected Software1
Prion
Prion
•added 2021/12/07 7:15 p.m.•36 views

Server side request forgery (ssrf)

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly...

4CVSS6.3AI score0.00849EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/11/02 9:15 p.m.•36 views

Design/Logic Flaw

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows...

4.3CVSS7.3AI score0.01416EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2021/10/20 11:17 a.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS4.8AI score0.01935EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/10/19 2:15 p.m.•36 views

Memory corruption

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been...

9.3CVSS7.6AI score0.28839EPSS
Exploits0References3Affected Software4
Prion
Prion
•added 2021/10/13 1:15 a.m.•36 views

Privilege escalation

Win32k Elevation of Privilege Vulnerability...

4.6CVSS7.6AI score0.73381EPSS
Exploits11References2Affected Software6
Prion
Prion
•added 2021/10/08 10:15 p.m.•36 views

Design/Logic Flaw

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.34887EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/10/04 6:15 p.m.•36 views

Authentication flaw

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol RESP request, Redis allocates memory according to user-specified values which determine the number of elements in the multi-bulk header and size of each element in the bulk header. ...

5CVSS7.9AI score0.1578EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2021/09/15 10:15 p.m.•36 views

Authentication flaw

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

10CVSS9.5AI score0.99556EPSS
Exploits9References3Affected Software18
Prion
Prion
•added 2021/09/09 10:15 p.m.•36 views

Double free

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

4.3CVSS5.2AI score0.02207EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/09/08 3:15 p.m.•36 views

Memory corruption

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that...

6.8CVSS8.8AI score0.03692EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2021/08/26 7:15 p.m.•36 views

Authentication flaw

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

5.8CVSS7.6AI score0.00895EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/08/18 8:15 p.m.•36 views

Code injection

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrec...

9CVSS7.2AI score0.02395EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2021/08/17 7:15 p.m.•36 views

Integer overflow

An integer overflow vulnerability in the calloc function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform SDP versions 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to...

6.8CVSS9.6AI score0.018EPSS
Exploits0References2Affected Software3
Prion
Prion
•added 2021/08/07 6:15 p.m.•36 views

Integer overflow

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAPSYSADMIN capability...

4.6CVSS7.4AI score0.0032EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2021/07/22 6:15 p.m.•36 views

Deserialization of untrusted data

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...

10CVSS9.7AI score0.99999EPSS
Exploits8References4Affected Software2
Prion
Prion
•added 2021/07/21 3:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS3.2AI score0.02312EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/07/01 3:15 a.m.•36 views

Design/Logic Flaw

The CIL compiler in SELinux 3.2 has a use-after-free in cilresetclasspermission called from cilresetclasspermsset and cilresetclasspermslist...

2.1CVSS6.3AI score0.00592EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2021/06/11 4:15 p.m.•36 views

Code injection

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

4.3CVSS5.4AI score0.02979EPSS
Exploits1References8Affected Software9
Prion
Prion
•added 2021/06/10 7:15 a.m.•36 views

Stack overflow

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

6.8CVSS8AI score0.53191EPSS
Exploits0References12Affected Software6
Prion
Prion
•added 2021/06/01 2:15 p.m.•36 views

Design/Logic Flaw

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability...

6.8CVSS8.2AI score0.0199EPSS
Exploits1References9Affected Software5
Prion
Prion
•added 2021/05/17 5:15 p.m.•36 views

Design/Logic Flaw

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection...

4.3CVSS6.5AI score0.01627EPSS
Exploits0References6Affected Software4
Prion
Prion
•added 2021/05/14 8:15 p.m.•36 views

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

4.6CVSS7.7AI score0.00234EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2021/05/12 3:15 p.m.•36 views

Design/Logic Flaw

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...

4.6CVSS6.9AI score0.00299EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/05/07 12:15 p.m.•36 views

Remote code execution

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance...

7.5CVSS9.7AI score0.01981EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/05/06 1:15 p.m.•36 views

Race condition

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a deletepidfile race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...

6.3CVSS6.8AI score0.00984EPSS
Exploits4References1Affected Software1
Prion
Prion
•added 2021/05/05 10:15 a.m.•36 views

Default configuration

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permission...

2.1CVSS3.6AI score0.00268EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/04/22 10:15 p.m.•36 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS4.8AI score0.02072EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/04/15 10:15 p.m.•36 views

Design/Logic Flaw

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

5CVSS7.6AI score0.00976EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2021/03/03 5:15 p.m.•36 views

Design/Logic Flaw

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that...

7.2CVSS7.1AI score0.00573EPSS
Exploits0References4Affected Software7
Prion
Prion
•added 2021/02/24 5:15 p.m.•36 views

Heap overflow

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

5.8CVSS8.8AI score0.45063EPSS
Exploits7References3Affected Software2
Prion
Prion
•added 2021/02/23 6:15 p.m.•36 views

Design/Logic Flaw

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

5.8CVSS5.8AI score0.02712EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/02/09 6:15 p.m.•36 views

Buffer overflow

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

5CVSS5.5AI score0.01555EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/02/03 5:15 p.m.•36 views

Stack overflow

The function AESUnWRAP in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 up to and excluding 2.08 does not validate the size parameter for a memcpy operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An...

6.8CVSS8.4AI score0.02636EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2021/02/02 7:15 a.m.•36 views

Directory traversal

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5CVSS5.4AI score0.07605EPSS
Exploits1References5Affected Software2
Prion
Prion
•added 2021/01/29 5:15 p.m.•36 views

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458...

7.2CVSS7.3AI score0.01377EPSS
Exploits1References19Affected Software3
Prion
Prion
•added 2021/01/21 10:15 a.m.•36 views

Improper access control

Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

10CVSS9.3AI score0.01085EPSS
Exploits0References2
Total number of security vulnerabilities5000