Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2020/07/15 6:15 p.m.•33 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.1AI score0.04044EPSS
Exploits0References11Affected Software10
Prion
Prion
•added 2020/07/10 4:15 p.m.•33 views

Code injection

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download...

4.3CVSS6.8AI score0.10695EPSS
Exploits0References1Affected Software4
Prion
Prion
•added 2020/07/09 4:15 p.m.•33 views

Design/Logic Flaw

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6sendechoreply routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,...

2.1CVSS5.7AI score0.0051EPSS
Exploits0References10Affected Software6
Prion
Prion
•added 2020/06/26 5:15 p.m.•33 views

Code injection

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

5CVSS7.3AI score0.26699EPSS
Exploits0References24Affected Software8
Prion
Prion
•added 2020/06/17 8:15 p.m.•33 views

Design/Logic Flaw

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...

5CVSS7.3AI score0.01855EPSS
Exploits0References2Affected Software2
Prion
Prion
•added 2020/06/17 4:15 p.m.•33 views

Null pointer dereference

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference...

5CVSS7.3AI score0.0339EPSS
Exploits0References10Affected Software10
Prion
Prion
•added 2020/06/09 8:15 p.m.•33 views

Remote code execution

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260...

7.6CVSS7.9AI score0.08022EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/06/09 8:15 p.m.•33 views

Remote code execution

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260...

7.6CVSS7.9AI score0.08022EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/06/09 8:15 p.m.•33 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269,...

7.2CVSS7.5AI score0.15932EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/06/03 11:15 p.m.•33 views

Security feature bypass

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...

5CVSS7.5AI score0.05316EPSS
Exploits0References14Affected Software10
Prion
Prion
•added 2020/05/29 8:15 p.m.•33 views

Denial of service

There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product...

5CVSS7.3AI score0.00745EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2020/05/19 2:15 p.m.•33 views

Design/Logic Flaw

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

5CVSS7AI score0.03171EPSS
Exploits0References13Affected Software5
Prion
Prion
•added 2020/05/15 6:15 p.m.•33 views

Memory corruption

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space...

4.7CVSS5.7AI score0.00404EPSS
Exploits0References13Affected Software5
Prion
Prion
•added 2020/05/05 5:15 a.m.•33 views

Heap overflow

An issue was found in Linux kernel before 5.5.4. mwifiexretwmmgetstatus in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591...

4.3CVSS6.9AI score0.01218EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2020/05/05 5:15 a.m.•33 views

Race condition

The mptctlioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security...

4.7CVSS5.4AI score0.00328EPSS
Exploits0References9Affected Software1
Prion
Prion
•added 2020/04/30 5:15 p.m.•33 views

Improper access control

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

4CVSS7.8AI score0.86063EPSS
Exploits17References12Affected Software6
Prion
Prion
•added 2020/04/15 2:15 p.m.•33 views

Design/Logic Flaw

Vulnerability in the Java SE product of Oracle Java SE component: Advanced Management Console. The supported version that is affected is Java Advanced Management Console: 2.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.3CVSS3.6AI score0.02446EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2020/04/14 5:15 p.m.•33 views

Race condition

The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions CWE-754 vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or reboot a...

8.5CVSS6.2AI score0.02218EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/03/24 8:15 p.m.•33 views

Sql injection

An issue was discovered on Samsung mobile devices with P9.0 software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 August 2019...

7.5CVSS9.9AI score0.00399EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2020/03/23 4:15 p.m.•33 views

Information disclosure

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management...

7.8CVSS7.6AI score0.02594EPSS
Exploits1References2Affected Software1
Prion
Prion
•added 2020/03/11 4:15 p.m.•33 views

Design/Logic Flaw

The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...

4.3CVSS6.8AI score0.01756EPSS
Exploits0References18Affected Software7
Prion
Prion
•added 2020/03/06 3:15 p.m.•33 views

Buffer overflow

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions...

10CVSS9.8AI score0.74513EPSS
Exploits2References10Affected Software6
Prion
Prion
•added 2020/03/05 9:15 a.m.•33 views

Buffer overflow

Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networki...

6.6CVSS7AI score0.00197EPSS
Exploits0References1
Prion
Prion
•added 2020/03/04 3:15 p.m.•33 views

Design/Logic Flaw

The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to...

2.1CVSS6.5AI score0.00758EPSS
Exploits1References10Affected Software5
Prion
Prion
•added 2020/02/03 11:15 p.m.•33 views

Buffer overflow

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

7.5CVSS9.6AI score0.19431EPSS
Exploits3References22Affected Software4
Prion
Prion
•added 2020/01/29 9:15 p.m.•33 views

Design/Logic Flaw

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

6.4CVSS8.9AI score0.08914EPSS
Exploits1References66Affected Software6
Prion
Prion
•added 2020/01/29 9:15 p.m.•33 views

Design/Logic Flaw

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

6.4CVSS8.8AI score0.13474EPSS
Exploits1References54Affected Software7
Prion
Prion
•added 2020/01/27 4:15 p.m.•33 views

Sql injection

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...

7.5CVSS8AI score0.04193EPSS
Exploits0References7Affected Software2
Prion
Prion
•added 2020/01/27 4:15 p.m.•33 views

Privilege escalation

A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, th...

7.2CVSS7.5AI score0.00522EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2020/01/21 7:15 a.m.•33 views

Null pointer dereference

Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017...

7.8CVSS8.1AI score0.00814EPSS
Exploits0References1
Prion
Prion
•added 2020/01/15 5:15 p.m.•33 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

6.8CVSS7.4AI score0.04903EPSS
Exploits0References24Affected Software19
Prion
Prion
•added 2020/01/14 9:15 p.m.•33 views

Design/Logic Flaw

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 and 5.x before 5.2, there is a use-after-free write in the i915ppgttclose function in drivers/gpu/drm/i915/i915gemgtt.c, aka CID-7dc40713618c. This is related to i915gemcontextdestroyioctl in...

4.6CVSS7.1AI score0.00617EPSS
Exploits0References12Affected Software1
Prion
Prion
•added 2020/01/08 10:15 p.m.•33 views

Type confusion

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.8CVSS8AI score0.02489EPSS
Exploits0References25Affected Software9
Prion
Prion
•added 2019/12/25 4:15 a.m.•33 views

Race condition

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sasdiscover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5...

1.9CVSS5.3AI score0.00654EPSS
Exploits1References11Affected Software5
Prion
Prion
•added 2019/12/19 9:15 p.m.•33 views

Design/Logic Flaw

DISPUTED In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via...

5CVSS7.4AI score0.03295EPSS
Exploits0References18Affected Software1
Prion
Prion
•added 2019/12/18 6:15 p.m.•33 views

Memory corruption

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...

9.3CVSS9.3AI score0.02291EPSS
Exploits0References7Affected Software9
Prion
Prion
•added 2019/12/15 10:15 p.m.•33 views

Open redirect

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...

5.8CVSS7AI score0.00663EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2019/11/29 3:15 p.m.•33 views

Stack overflow

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service system crash or, possibly execute arbitrary code, when a STA works in IBSS mode allows connecting stations together without the use of ...

7.5CVSS9.4AI score0.02909EPSS
Exploits0References15Affected Software3
Prion
Prion
•added 2019/11/27 11:15 p.m.•33 views

Design/Logic Flaw

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4xattrsetentry use-after-free in fs/ext4/xattr.c when a large oldsize value is used in a memset call, aka CID-345c0dbf3a30...

4.4CVSS6.3AI score0.00692EPSS
Exploits1References10Affected Software3
Prion
Prion
•added 2019/11/25 3:15 p.m.•33 views

Design/Logic Flaw

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.72977EPSS
Exploits4References5Affected Software2
Prion
Prion
•added 2019/11/14 7:15 p.m.•33 views

Improper access control

Insufficient access control in subsystem for Intel R processor graphics in 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR PentiumR Processor J, N, Silver and Gold Series; IntelR CeleronR Processor J, N, G3900 and G4900 Series; IntelR AtomR Processor A and E3900 Series;...

2.1CVSS6AI score0.00646EPSS
Exploits0References7Affected Software148
Prion
Prion
•added 2019/11/07 4:15 p.m.•33 views

Memory corruption

A memory leak in the ccprunshacmd function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service memory consumption, aka CID-128c66429247...

2.1CVSS5.3AI score0.00329EPSS
Exploits0References8Affected Software4
Prion
Prion
•added 2019/10/23 8:15 p.m.•33 views

Xxe

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

2.1CVSS6.8AI score0.0099EPSS
Exploits0References13Affected Software26
Prion
Prion
•added 2019/10/21 8:15 p.m.•33 views

Hardcoded credentials

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form html\admin\modules\manager\views\form.php, an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via G...

4.3CVSS6.2AI score0.01311EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2019/10/16 6:15 p.m.•33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4CVSS4.8AI score0.01789EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2019/10/16 6:15 p.m.•33 views

Code injection

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4CVSS4.8AI score0.02593EPSS
Exploits0References6Affected Software3
Prion
Prion
•added 2019/10/03 2:15 p.m.•33 views

Input validation

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 JON. This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3...

6.8CVSS8.2AI score0.95821EPSS
Exploits4References1Affected Software1
Prion
Prion
•added 2019/09/23 12:15 p.m.•33 views

Information disclosure

In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized...

5CVSS6.8AI score0.02701EPSS
Exploits0References8Affected Software3
Prion
Prion
•added 2019/09/11 10:15 p.m.•33 views

Privilege escalation

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'...

4.6CVSS7.7AI score0.00834EPSS
Exploits0References1Affected Software5
Prion
Prion
•added 2019/09/11 3:15 p.m.•33 views

Code injection

McAfee Web Gateway MWG earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies...

5CVSS7.4AI score0.58373EPSS
Exploits0References1Affected Software4
Total number of security vulnerabilities5000