Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2020/09/10 2:15 a.m.•35 views

Design/Logic Flaw

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd-norefcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature...

7.2CVSS7.1AI score0.00965EPSS
Exploits1References9Affected Software1
Prion
Prion
•added 2020/08/21 9:15 p.m.•35 views

Design/Logic Flaw

In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...

4.3CVSS7.2AI score0.06348EPSS
Exploits0References11Affected Software6
Prion
Prion
•added 2020/08/17 7:15 p.m.•35 views

Remote code execution

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

7.6CVSS8.4AI score0.24188EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/08/14 5:15 p.m.•35 views

Design/Logic Flaw

In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing C:\ProgramData\ComposerSetup\bin\composer.bat in order to get elevated comma...

4.4CVSS8AI score0.00404EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2020/07/13 5:15 p.m.•35 views

Design/Logic Flaw

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...

2.1CVSS6.4AI score0.03133EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2020/07/09 6:15 p.m.•35 views

Design/Logic Flaw

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...

7.5CVSS9.1AI score0.11138EPSS
Exploits0References17Affected Software1
Prion
Prion
•added 2020/06/15 6:15 p.m.•35 views

Integer overflow

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service memory corruption and application crash or possibly bypass intended sandbox restrictions via a large...

4CVSS7.9AI score0.05362EPSS
Exploits1References6Affected Software4
Prion
Prion
•added 2020/06/08 5:15 p.m.•35 views

Open redirect

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.8CVSS7.4AI score0.15193EPSS
Exploits3References17Affected Software2
Prion
Prion
•added 2020/06/04 1:15 p.m.•35 views

Design/Logic Flaw

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path...

5.8CVSS7.2AI score0.04071EPSS
Exploits0References7Affected Software8
Prion
Prion
•added 2020/05/12 8:15 p.m.•35 views

Cross site request forgery (csrf)

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...

9CVSS8.6AI score0.10949EPSS
Exploits7References3Affected Software1
Prion
Prion
•added 2020/05/01 4:15 p.m.•35 views

Command injection

An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...

9CVSS9AI score0.65208EPSS
Exploits4References2Affected Software1
Prion
Prion
•added 2020/04/30 11:15 p.m.•35 views

Cross site scripting

In affected versions of WordPress, a vulnerability in the stats method of class-wp-object-cache.php can be exploited to execute cross-site scripting XSS attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...

4.3CVSS6AI score0.02139EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2020/04/30 5:15 p.m.•35 views

Authentication flaw

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the...

7.5CVSS8.5AI score0.96405EPSS
Exploits24References11Affected Software5
Prion
Prion
•added 2020/04/29 6:15 p.m.•35 views

Design/Logic Flaw

usbsgcancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925...

7.2CVSS6.4AI score0.00802EPSS
Exploits1References17Affected Software2
Prion
Prion
•added 2020/04/16 7:15 p.m.•35 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11612. Reason: This candidate is a reservation duplicate of CVE-2020-11612. Notes: All CVE users should reference CVE-2020-11612 instead of this candidate. All references and descriptions in this candidate have been removed t...

7.4AI score0.09438EPSS
Exploits0
Prion
Prion
•added 2020/04/15 2:15 p.m.•35 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4CVSS4.8AI score0.02199EPSS
Exploits0References7Affected Software4
Prion
Prion
•added 2020/04/14 11:15 p.m.•35 views

Out-of-bounds

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp...

4.3CVSS6.6AI score0.01785EPSS
Exploits1References16Affected Software11
Prion
Prion
•added 2020/04/04 2:15 p.m.•35 views

Remote code execution

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution...

7.5CVSS9.8AI score0.1879EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/04/01 9:15 p.m.•35 views

Code injection

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

4CVSS6.6AI score0.0236EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/03/30 8:15 p.m.•35 views

Sql injection

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords...

5CVSS8.3AI score0.11875EPSS
Exploits3References1Affected Software3
Prion
Prion
•added 2020/02/11 10:15 p.m.•35 views

Remote code execution

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713,...

7.6CVSS7.7AI score0.86863EPSS
Exploits17References1Affected Software1
Prion
Prion
•added 2020/02/05 5:15 p.m.•35 views

Information disclosure

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...

2.9CVSS5.7AI score0.07709EPSS
Exploits9References13Affected Software3
Prion
Prion
•added 2020/02/04 8:15 p.m.•35 views

Buffer overflow

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...

7.5CVSS7.7AI score0.7179EPSS
Exploits0References15Affected Software5
Prion
Prion
•added 2020/01/23 3:15 p.m.•35 views

Cross site scripting

The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS...

4.3CVSS6AI score0.01058EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/01/16 9:15 p.m.•35 views

Heap overflow

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmfwowlndresults...

7.9CVSS7AI score0.03844EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2020/01/15 5:15 p.m.•35 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...

4.3CVSS5.4AI score0.03006EPSS
Exploits0References4Affected Software2
Prion
Prion
•added 2020/01/15 5:15 p.m.•35 views

Design/Logic Flaw

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client...

4.3CVSS5.4AI score0.0293EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2019/12/18 6:15 p.m.•35 views

Memory corruption

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution...

9.3CVSS8.9AI score0.02054EPSS
Exploits0References5Affected Software5
Prion
Prion
•added 2019/12/18 6:15 p.m.•35 views

Memory corruption

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution...

6.8CVSS9.3AI score0.0172EPSS
Exploits0References3Affected Software2
Prion
Prion
•added 2019/12/10 10:15 p.m.•35 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...

7.2CVSS7.8AI score0.0512EPSS
Exploits4References2Affected Software2
Prion
Prion
•added 2019/11/19 6:15 p.m.•35 views

Code injection

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...

6.8CVSS7.3AI score0.03212EPSS
Exploits1References7Affected Software3
Prion
Prion
•added 2019/10/29 7:15 p.m.•35 views

Sql injection

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...

6.5CVSS8.8AI score0.0217EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2019/10/18 10:15 p.m.•35 views

Session fixation

In the Linux kernel before 5.3.4, a reference count usage error in the fib6rulesuppress function in the fib6 suppression feature of net/ipv6/fib6rules.c, when handling the FIBLOOKUPNOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753...

7.2CVSS7.1AI score0.00455EPSS
Exploits1References6Affected Software2
Prion
Prion
•added 2019/10/09 4:15 p.m.•35 views

Design/Logic Flaw

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertio...

3.5CVSS6AI score0.02264EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2019/09/20 7:15 p.m.•35 views

Heap overflow

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of servicesystem crash or possibly execute arbitrary code...

7.2CVSS8.8AI score0.00909EPSS
Exploits1References30Affected Software19
Prion
Prion
•added 2019/09/11 4:15 p.m.•35 views

Null pointer dereference

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference...

4.7CVSS5.3AI score0.00436EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2019/09/10 5:15 p.m.•35 views

Code injection

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS4.8AI score0.03838EPSS
Exploits0References30Affected Software1
Prion
Prion
•added 2019/09/10 5:15 p.m.•35 views

Design/Logic Flaw

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5CVSS5AI score0.06232EPSS
Exploits0References15Affected Software1
Prion
Prion
•added 2019/09/09 5:15 p.m.•35 views

Design/Logic Flaw

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner."...

4.3CVSS7.2AI score0.04253EPSS
Exploits0References17Affected Software15
Prion
Prion
•added 2019/08/14 9:15 p.m.•35 views

Remote code execution

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152...

9.3CVSS8.8AI score0.29051EPSS
Exploits1References2Affected Software5
Prion
Prion
•added 2019/07/30 5:15 p.m.•35 views

Null pointer dereference

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to...

5CVSS7.1AI score0.02779EPSS
Exploits0References7Affected Software11
Prion
Prion
•added 2019/07/25 5:15 p.m.•35 views

Code injection

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,...

7.2CVSS7.6AI score0.00211EPSS
Exploits0References1
Prion
Prion
•added 2019/07/23 11:15 p.m.•35 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

3.6CVSS5.2AI score0.0079EPSS
Exploits0References14Affected Software7
Prion
Prion
•added 2019/07/23 11:15 p.m.•35 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.02008EPSS
Exploits0References5Affected Software6
Prion
Prion
•added 2019/07/03 5:15 p.m.•35 views

Code injection

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

5CVSS7.5AI score0.74048EPSS
Exploits5References3Affected Software1
Prion
Prion
•added 2019/06/14 8:29 p.m.•35 views

Design/Logic Flaw

An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via t...

6.8CVSS8.7AI score0.13274EPSS
Exploits5References5Affected Software1
Prion
Prion
•added 2019/05/28 7:29 p.m.•35 views

Heap overflow

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1...

4.6CVSS8.1AI score0.49739EPSS
Exploits1References14Affected Software8
Prion
Prion
•added 2019/04/23 7:32 p.m.•35 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.02852EPSS
Exploits0References9Affected Software8
Prion
Prion
•added 2019/04/23 7:32 p.m.•35 views

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

3.5CVSS4.3AI score0.01934EPSS
Exploits0References6Affected Software7
Prion
Prion
•added 2019/04/23 7:32 p.m.•35 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Information Schema. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.02021EPSS
Exploits0References4Affected Software6
Total number of security vulnerabilities5000