Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2022/04/05 1:15 p.m.•35 views

Memory corruption

IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...

4.4CVSS7.4AI score0.00344EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2022/03/30 9:15 p.m.•35 views

Design/Logic Flaw

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds...

5CVSS8.3AI score0.02039EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2022/03/25 7:15 p.m.•35 views

Stack overflow

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

9CVSS8.8AI score0.67994EPSS
Exploits2References3Affected Software23
Prion
Prion
•added 2022/03/22 9:15 p.m.•35 views

Command injection

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

7.5CVSS9.8AI score0.03986EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2022/03/10 8:15 p.m.•35 views

Race condition

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

4.4CVSS6.7AI score0.00351EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/02/24 7:15 p.m.•35 views

Out-of-bounds

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution...

5.1CVSS7.8AI score0.0113EPSS
Exploits0References4Affected Software4
Prion
Prion
•added 2022/02/04 11:15 p.m.•35 views

Design/Logic Flaw

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

7.2CVSS8.1AI score0.01206EPSS
Exploits2References4Affected Software4
Prion
Prion
•added 2022/01/25 4:15 p.m.•35 views

Type confusion

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling o...

7.2CVSS7.7AI score0.00972EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•35 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

4.9CVSS5.6AI score0.01296EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•35 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS2.2AI score0.01386EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•35 views

Design/Logic Flaw

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS2.2AI score0.01553EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2022/01/19 12:15 p.m.•35 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS4.8AI score0.01398EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2022/01/18 4:15 p.m.•35 views

Deserialization of untrusted data

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

6CVSS9.1AI score0.81147EPSS
Exploits9References6Affected Software24
Prion
Prion
•added 2022/01/16 5:15 p.m.•35 views

Design/Logic Flaw

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

5.8CVSS7.5AI score0.01646EPSS
Exploits1References4Affected Software3
Prion
Prion
•added 2022/01/11 9:15 p.m.•35 views

Security feature bypass

Secure Boot Security Feature Bypass Vulnerability...

4.9CVSS6.4AI score0.06567EPSS
Exploits1References1Affected Software3
Prion
Prion
•added 2022/01/05 5:15 p.m.•35 views

Design/Logic Flaw

Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...

2.1CVSS6.7AI score0.00332EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2021/12/30 10:15 p.m.•35 views

Command injection

Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter...

7.7CVSS8.1AI score0.0853EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/12/23 3:15 p.m.•35 views

Authentication flaw

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations...

6.8CVSS9.5AI score0.03193EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/12/15 3:15 p.m.•35 views

Spoofing

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...

6CVSS6.8AI score0.10295EPSS
Exploits1References5
Prion
Prion
•added 2021/11/17 6:15 p.m.•35 views

Input validation

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...

6.5CVSS8.7AI score0.79823EPSS
Exploits5References6Affected Software1
Prion
Prion
•added 2021/11/10 1:19 a.m.•35 views

Remote code execution

Microsoft Excel Remote Code Execution Vulnerability...

6.8CVSS7.6AI score0.0207EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2021/10/20 11:17 a.m.•35 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4CVSS4.8AI score0.01935EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2021/10/20 7:15 a.m.•35 views

Heap overflow

A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CASENDMSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to...

4.6CVSS6.7AI score0.0044EPSS
Exploits0References4Affected Software8
Prion
Prion
•added 2021/10/19 2:15 p.m.•35 views

Memory corruption

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been...

9.3CVSS7.6AI score0.28839EPSS
Exploits0References3Affected Software4
Prion
Prion
•added 2021/10/13 1:15 a.m.•35 views

Privilege escalation

Win32k Elevation of Privilege Vulnerability...

4.6CVSS7.6AI score0.73381EPSS
Exploits11References2Affected Software6
Prion
Prion
•added 2021/10/08 10:15 p.m.•35 views

Design/Logic Flaw

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.9AI score0.34887EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2021/10/05 6:15 p.m.•35 views

Design/Logic Flaw

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

6.8CVSS7AI score0.99888EPSS
Exploits1References8Affected Software2
Prion
Prion
•added 2021/09/24 7:15 p.m.•35 views

Design/Logic Flaw

Vulnerability in Oracle Linux component: OSwatcher. Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability c...

7.2CVSS7.9AI score0.00323EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2021/09/09 10:15 p.m.•35 views

Double free

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

4.3CVSS5.2AI score0.02207EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/09/09 8:15 a.m.•35 views

Buffer overflow

Possible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

5CVSS7.7AI score0.00587EPSS
Exploits0References1
Prion
Prion
•added 2021/09/08 3:15 p.m.•35 views

Memory corruption

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that...

6.8CVSS8.8AI score0.03692EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2021/08/22 7:15 p.m.•35 views

Code injection

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

4.3CVSS5.8AI score0.01469EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/08/17 7:15 p.m.•35 views

Integer overflow

An integer overflow vulnerability in the calloc function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform SDP versions 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to...

6.8CVSS9.6AI score0.018EPSS
Exploits0References2Affected Software3
Prion
Prion
•added 2021/08/16 7:15 p.m.•35 views

Design/Logic Flaw

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...

6.5CVSS6.7AI score0.07828EPSS
Exploits1References1Affected Software2
Prion
Prion
•added 2021/08/13 12:15 a.m.•35 views

Design/Logic Flaw

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

3.5CVSS5.6AI score0.01324EPSS
Exploits0References8Affected Software12
Prion
Prion
•added 2021/08/07 6:15 p.m.•35 views

Integer overflow

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAPSYSADMIN capability...

4.6CVSS7.4AI score0.0032EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2021/07/21 3:15 p.m.•35 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Memcached. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS3.2AI score0.02312EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2021/07/14 6:15 p.m.•35 views

Remote code execution

Windows DNS Snap-in Remote Code Execution Vulnerability...

6.8CVSS8.7AI score0.02234EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2021/07/14 3:15 p.m.•35 views

Design/Logic Flaw

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

3.6CVSS7.2AI score0.00216EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2021/07/09 5:15 p.m.•35 views

Design/Logic Flaw

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service...

4CVSS7.3AI score0.01861EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/07/01 3:15 a.m.•35 views

Double free

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

2.1CVSS6.3AI score0.00453EPSS
Exploits1References4Affected Software2
Prion
Prion
•added 2021/06/21 4:15 p.m.•35 views

Code injection

A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service ReDOS occurs if the application is provided and checks a crafted invalid SVG string...

5CVSS7.3AI score0.02813EPSS
Exploits1References4Affected Software1
Prion
Prion
•added 2021/06/18 9:15 p.m.•35 views

Design/Logic Flaw

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checke...

7.5CVSS9.3AI score0.01064EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/05/28 12:15 p.m.•35 views

Privilege escalation

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissio...

7.2CVSS7.7AI score0.00237EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2021/05/14 8:15 p.m.•35 views

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

3.6CVSS6.8AI score0.00198EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2021/05/04 4:15 p.m.•35 views

Integer overflow

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly...

6CVSS8.7AI score0.03628EPSS
Exploits0References5Affected Software2
Prion
Prion
•added 2021/04/29 3:15 p.m.•35 views

Path traversal

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 could allow unauthenticated remote attackers to bypass authentication...

7.5CVSS8.1AI score0.99983EPSS
Exploits5References3Affected Software2
Prion
Prion
•added 2021/04/27 6:15 a.m.•35 views

Integer overflow

DISPUTED Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

7.5CVSS9.4AI score0.02037EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/04/27 6:15 a.m.•35 views

Integer overflow

DISPUTED Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGNUP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

7.5CVSS9.4AI score0.01783EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2021/04/22 10:15 p.m.•35 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4CVSS4.8AI score0.02072EPSS
Exploits0References5Affected Software2
Total number of security vulnerabilities5000