Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2017/06/19 4:29 p.m.•32 views

Design/Logic Flaw

glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.2CVSS7.6AI score0.02733EPSS
Exploits14References20Affected Software20
Prion
Prion
•added 2017/06/16 9:29 p.m.•32 views

Design/Logic Flaw

Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes...

5CVSS7.5AI score0.01383EPSS
Exploits0References1Affected Software1
Prion
Prion
•added 2017/06/15 1:29 a.m.•32 views

Remote code execution

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for...

9.3CVSS8.8AI score0.39019EPSS
Exploits2References6Affected Software8
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Remote code execution

The Microsoft Server Message Block 1.0 SMBv1 server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it...

6.8CVSS7.2AI score0.17121EPSS
Exploits0References4Affected Software3
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Information disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted...

1.9CVSS4.1AI score0.09659EPSS
Exploits3References4Affected Software4
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Remote code execution

Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265...

9.3CVSS7.6AI score0.19817EPSS
Exploits0References2Affected Software1
Prion
Prion
•added 2017/05/12 2:29 p.m.•32 views

Remote code execution

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234,...

7.6CVSS7.6AI score0.38115EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2017/05/04 7:29 p.m.•32 views

Design/Logic Flaw

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS...

5CVSS6.7AI score0.32389EPSS
Exploits3References5Affected Software1
Prion
Prion
•added 2017/03/23 5:59 p.m.•32 views

Directory traversal

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

5CVSS7AI score0.06534EPSS
Exploits0References6Affected Software2
Prion
Prion
•added 2017/03/23 4:59 p.m.•32 views

Out-of-bounds

The ip6greerr function in net/ipv6/ip6gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access...

7.5CVSS9AI score0.04953EPSS
Exploits0References7Affected Software3
Prion
Prion
•added 2017/03/17 12:59 a.m.•32 views

Information disclosure

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092,...

4.3CVSS4.3AI score0.42124EPSS
Exploits2References4Affected Software1
Prion
Prion
•added 2017/03/17 12:59 a.m.•32 views

Remote code execution

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site,...

7.6CVSS7.9AI score0.5047EPSS
Exploits1References4Affected Software4
Prion
Prion
•added 2017/03/15 7:59 p.m.•32 views

Integer overflow

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service application crash via a crafted .pict file...

4.3CVSS6.7AI score0.02902EPSS
Exploits0References8Affected Software8
Prion
Prion
•added 2017/03/15 3:59 p.m.•32 views

Memory corruption

Memory leak in the virglresourceattachbacking function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRTIOGPUCMDRESOURCEATTACHBACKING commands...

4.9CVSS5.8AI score0.00398EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2017/03/01 8:59 p.m.•32 views

Race condition

Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a multithreaded application that makes PACKETFANOUT setsockopt system calls...

6.9CVSS7AI score0.00298EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2017/02/15 3:59 p.m.•32 views

Heap overflow

Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit aka pycrypto allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py...

7.5CVSS8.4AI score0.09501EPSS
Exploits1References9Affected Software2
Prion
Prion
•added 2017/01/28 1:59 a.m.•32 views

Buffer overflow

A bug in util-print.c:reltsprint in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM...

7.5CVSS7.4AI score0.03355EPSS
Exploits0References6Affected Software1
Prion
Prion
•added 2017/01/24 9:59 p.m.•32 views

Design/Logic Flaw

The objectcommon1 function in ext/standard/varunserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service buffer over-read and application crash via crafted serialized data that is mishandled in a finishnesteddata call...

5CVSS7AI score0.13314EPSS
Exploits0References11Affected Software1
Prion
Prion
•added 2017/01/19 5:59 a.m.•32 views

Design/Logic Flaw

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page...

6.8CVSS6.4AI score0.34703EPSS
Exploits1References5Affected Software1
Prion
Prion
•added 2017/01/14 7:59 a.m.•32 views

Design/Logic Flaw

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big PTB messages. The scope of this CVE is all affected IPv6 implementations from all vendors. The security implications of IP fragmentation have been discussed at length in RFC6274 and RFC7739. An attacker can...

5CVSS7AI score0.02727EPSS
Exploits0References7
Prion
Prion
•added 2017/01/13 4:59 p.m.•32 views

Design/Logic Flaw

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."...

5CVSS7AI score0.09762EPSS
Exploits0References25Affected Software1
Prion
Prion
•added 2016/12/31 2:59 a.m.•32 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descriptions in this...

9.6AI score0.99714EPSS
Exploits59
Prion
Prion
•added 2016/12/13 9:59 p.m.•32 views

Design/Logic Flaw

mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when...

6.9CVSS6.2AI score0.04313EPSS
Exploits18References15Affected Software4
Prion
Prion
•added 2016/11/10 6:59 a.m.•32 views

Privilege escalation

The Common Log File System CLFS driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted...

9.3CVSS7.4AI score0.12625EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2016/09/26 7:59 p.m.•32 views

Design/Logic Flaw

Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service memory consumption via large OCSP Status Request extensions...

7.8CVSS7.1AI score0.63029EPSS
Exploits2References62Affected Software3
Prion
Prion
•added 2016/09/25 11:0 a.m.•32 views

Memory corruption

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766,...

6.8CVSS8.7AI score0.02065EPSS
Exploits0References10Affected Software4
Prion
Prion
•added 2016/09/17 9:59 p.m.•32 views

Design/Logic Flaw

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

5CVSS7.9AI score0.11402EPSS
Exploits1References10Affected Software1
Prion
Prion
•added 2016/08/10 2:59 p.m.•32 views

Authentication flaw

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

5CVSS7.6AI score0.14596EPSS
Exploits0References18Affected Software3
Prion
Prion
•added 2016/08/07 10:59 a.m.•33 views

Design/Logic Flaw

splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...

7.5CVSS8.3AI score0.15484EPSS
Exploits5References12Affected Software4
Prion
Prion
•added 2016/08/07 10:59 a.m.•32 views

Out-of-bounds

gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted image that is mishandled by...

6.8CVSS7.9AI score0.03834EPSS
Exploits1References12Affected Software1
Prion
Prion
•added 2016/08/06 8:59 p.m.•32 views

Race condition

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

1.9CVSS6.5AI score0.00269EPSS
Exploits0References11Affected Software1
Prion
Prion
•added 2016/08/05 3:59 p.m.•32 views

Design/Logic Flaw

openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal...

1.9CVSS6.3AI score0.00369EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2016/07/25 2:59 p.m.•32 views

Design/Logic Flaw

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

7.5CVSS8.1AI score0.06271EPSS
Exploits1References14Affected Software1
Prion
Prion
•added 2016/07/13 1:59 a.m.•32 views

Information disclosure

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka ".NET Information Disclosure...

5CVSS6.8AI score0.24665EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2016/07/13 1:59 a.m.•32 views

Memory corruption

The Microsoft 1 JScript 5.8 and 9 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

9.3CVSS8.1AI score0.18778EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2016/07/06 2:59 p.m.•32 views

Code injection

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service secondary DNS server crash via a large AXFR response, and possibly allows IXFR servers to cause a denial of service IXFR client crash via a large IXFR response...

4CVSS6.6AI score0.40536EPSS
Exploits1References11Affected Software2
Prion
Prion
•added 2016/07/03 9:59 p.m.•32 views

Design/Logic Flaw

IBM Spectrum Protect formerly Tivoli Storage Manager 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and...

2.1CVSS6.4AI score0.00304EPSS
Exploits0References4Affected Software1
Prion
Prion
•added 2016/06/10 3:59 p.m.•32 views

Xxe

XML external entity XXE vulnerability in XmlMapper in the Data format extension for Jackson aka jackson-dataformat-xml allows attackers to have unspecified impact via unknown vectors...

7.5CVSS7.1AI score0.0278EPSS
Exploits0References1Affected Software2
Prion
Prion
•added 2016/06/10 3:59 p.m.•32 views

Stack overflow

Stack-based buffer overflow in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library aka glibc or libc6 allows remote servers to cause a denial of service crash or possibly unspecified other impact via a flood of crafted ICMP and UDP packets...

4.3CVSS7.9AI score0.03922EPSS
Exploits0References11Affected Software4
Prion
Prion
•added 2016/06/05 11:59 p.m.•32 views

Code injection

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...

6.8CVSS6.6AI score0.01849EPSS
Exploits1References10Affected Software9
Prion
Prion
•added 2016/06/01 8:59 p.m.•32 views

Cross site request forgery (csrf)

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...

7.5CVSS7.9AI score0.98518EPSS
Exploits19References9Affected Software1
Prion
Prion
•added 2016/05/22 1:59 a.m.•32 views

Cross site scripting

Cross-site scripting XSS vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714...

3.5CVSS5.5AI score0.06389EPSS
Exploits2References8Affected Software1
Prion
Prion
•added 2016/05/20 11:0 a.m.•32 views

Integer overflow

Integer overflow in the phprawurlencode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service application crash via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this...

5CVSS7.3AI score0.05719EPSS
Exploits1References18Affected Software1
Prion
Prion
•added 2016/05/16 10:59 a.m.•32 views

Type confusion

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the 1...

10CVSS9.8AI score0.10724EPSS
Exploits5References9Affected Software7
Prion
Prion
•added 2016/05/16 10:59 a.m.•32 views

Code injection

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument load method, 2 the xmlwriteropenuri function, 3 t...

6.4CVSS7.1AI score0.03439EPSS
Exploits1References10Affected Software8
Prion
Prion
•added 2016/05/10 7:59 p.m.•32 views

Cross site request forgery (csrf)

clientside.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request...

5CVSS6.9AI score0.79969EPSS
Exploits0References13Affected Software3
Prion
Prion
•added 2016/03/13 6:59 p.m.•32 views

Integer overflow

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free by leveraging mishandling of end tags, as demonstrated by...

6.8CVSS8.2AI score0.31046EPSS
Exploits8References25Affected Software7
Prion
Prion
•added 2016/03/13 6:59 p.m.•32 views

Design/Logic Flaw

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

6.8CVSS8.8AI score0.02278EPSS
Exploits0References26Affected Software7
Prion
Prion
•added 2016/01/20 5:59 a.m.•32 views

Null pointer dereference

The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...

2.1CVSS6.4AI score0.0057EPSS
Exploits1References15Affected Software1
Prion
Prion
•added 2016/01/19 5:59 a.m.•32 views

Design/Logic Flaw

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/splarray.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field...

7.5CVSS8.1AI score0.05153EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities5000