Prion: Most viewed

213680 matches found

Prion
•added 2020/08/07 4:15 p.m.•41 views

Information disclosure

Apache HTTP Server versions 2.4.20 to 2.4.43: When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this...

CVSS 4.3 • AI score 8.4 • EPSS 0.58716
Exploits 2 • References 26 • Affected Software 12

Prion
•added 2020/05/19 2:15 p.m.•41 views

Design/Logic Flaw

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

CVSS 5 • AI score 8.2 • EPSS 0.10593
Exploits 1 • References 13 • Affected Software 2

Prion
•added 2020/04/15 3:15 p.m.•41 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could...

CVSS 6.8 • AI score 8.3 • EPSS 0.69166
Exploits 1 • References 1 • Affected Software 5

Prion
•added 2020/04/02 12:15 a.m.•41 views

Code injection

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

CVSS 5.8 • AI score 6.3 • EPSS 0.56691
Exploits 0 • References 27 • Affected Software 12

Prion
•added 2020/02/07 5:15 a.m.•41 views

Buffer overflow

Buffer over-read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVSS 9.4 • AI score 9.1 • EPSS 0.00876
Exploits 0 • References 1

Prion
•added 2020/01/17 12:15 a.m.•41 views

Input validation

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVSS 7.6 • AI score 8.2 • EPSS 0.88077
Exploits 2 • References 44 • Affected Software 31

Prion
•added 2019/07/23 11:15 p.m.•41 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 4 • AI score 4.8 • EPSS 0.02008
Exploits 0 • References 5 • Affected Software 6

Prion
•added 2019/05/16 7:29 p.m.•41 views

Remote code execution

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-089...

CVSS 9.3 • AI score 8 • EPSS 0.2021
Exploits 0 • References 1 • Affected Software 5

Prion
•added 2019/03/05 11:29 p.m.•41 views

Remote code execution

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604...

CVSS 6.5 • AI score 9.5 • EPSS 0.99913
Exploits 29 • References 2 • Affected Software 3

Prion
•added 2018/11/07 2:29 p.m.•41 views

Design/Logic Flaw

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

CVSS 5.8 • AI score 6.4 • EPSS 0.09801
Exploits 1 • References 14 • Affected Software 5

Prion
•added 2018/09/14 7:29 a.m.•41 views

Code injection

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

CVSS 7.5 • AI score 9.5 • EPSS 0.01658
Exploits 1 • References 1 • Affected Software 1

Prion
•added 2018/08/01 6:29 p.m.•41 views

Design/Logic Flaw

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 5 • AI score 8.4 • EPSS 0.213
Exploits 0 • References 41 • Affected Software 4

Prion
•added 2018/07/18 1:29 p.m.•41 views

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4 • AI score 4.8 • EPSS 0.02
Exploits 0 • References 4 • Affected Software 1

Prion
•added 2018/06/23 11:29 p.m.•41 views

Heap overflow

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump...

CVSS 7.5 • AI score 8.9 • EPSS 0.04505
Exploits 1 • References 6 • Affected Software 2

Prion
•added 2018/06/12 12:29 p.m.•41 views

Design/Logic Flaw

In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to creat...

CVSS 6.8 • AI score 7.3 • EPSS 0.02342
Exploits 0 • References 12 • Affected Software 2

Prion
•added 2018/02/06 3:29 p.m.•41 views

Deserialization of untrusted data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

CVSS 7.5 • AI score 9.1 • EPSS 0.37925
Exploits 7 • References 60 • Affected Software 17

Prion
•added 2017/12/07 6:29 p.m.•41 views

Design/Logic Flaw

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...

CVSS 9.3 • AI score 8.6 • EPSS 0.77823
Exploits 12 • References 4 • Affected Software 1

Prion
•added 2017/08/23 5:29 p.m.•41 views

Code injection

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

CVSS 7.5 • AI score 9.7 • EPSS 0.83476
Exploits 8 • References 4 • Affected Software 1

Prion
•added 2017/07/11 9:29 p.m.•41 views

Remote code execution

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570...

CVSS 9.3 • AI score 7.9 • EPSS 0.89889
Exploits 14 • References 3 • Affected Software 3

Prion
•added 2017/07/10 4:29 p.m.•41 views

Remote code execution

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

CVSS 7.5 • AI score 7.8 • EPSS 0.99461
Exploits 42 • References 7 • Affected Software 1

Prion
•added 2017/06/15 1:29 a.m.•41 views

Remote code execution

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK fil...

CVSS 9.3 • AI score 8.6 • EPSS 0.90026
Exploits 20 • References 5 • Affected Software 4

Prion
•added 2017/05/23 4:29 a.m.•41 views

Null pointer dereference

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...

CVSS 7.5 • AI score 7.3 • EPSS 0.07489
Exploits 0 • References 33 • Affected Software 23

Prion
•added 2017/04/24 7:59 p.m.•41 views

Design/Logic Flaw

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network...

CVSS 7.5 • AI score 8.3 • EPSS 0.15784
Exploits 5 • References 5 • Affected Software 1

Prion
•added 2016/12/13 4:59 p.m.•41 views

Heap overflow

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...

CVSS 7.5 • AI score 8.2 • EPSS 0.09157
Exploits 1 • References 6 • Affected Software 2

Prion
•added 2016/09/25 10:59 a.m.•41 views

Memory corruption

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767,...

CVSS 6.8 • AI score 8.7 • EPSS 0.02065
Exploits 0 • References 10 • Affected Software 4

Prion
•added 2016/09/25 10:59 a.m.•41 views

Design/Logic Flaw

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 7.5 • AI score 7.5 • EPSS 0.55724
Exploits 0 • References 6 • Affected Software 2

Prion
•added 2016/04/13 5:59 p.m.•41 views

Type confusion

The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

CVSS 4.3 • AI score 6.7 • EPSS 0.02697
Exploits 0 • References 12 • Affected Software 4

Prion
•added 2016/04/12 2:0 a.m.•41 views

Out-of-bounds

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet...

CVSS 3.6 • AI score 6.3 • EPSS 0.00564
Exploits 0 • References 16 • Affected Software 11

Prion
•added 2015/06/09 6:59 p.m.•41 views

Stack overflow

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive...

CVSS 7.5 • AI score 8.2 • EPSS 0.38434
Exploits 1 • References 21 • Affected Software 11

Prion
•added 2015/04/08 6:59 p.m.•41 views

Directory traversal

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive...

CVSS 5.8 • AI score 6.9 • EPSS 0.03835
Exploits 1 • References 10 • Affected Software 2

Prion
•added 2015/03/09 12:59 a.m.•41 views

Design/Logic Flaw

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, relate...

CVSS 7.5 • AI score 8.1 • EPSS 0.02565
Exploits 0 • References 8 • Affected Software 1

Prion
•added 2015/03/02 11:59 a.m.•41 views

Design/Logic Flaw

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than...

CVSS 2.1 • AI score 6.2 • EPSS 0.00716
Exploits 1 • References 19 • Affected Software 4

Prion
•added 2014/12/01 3:59 p.m.•41 views

Directory traversal

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI...

CVSS 5 • AI score 7 • EPSS 0.25082
Exploits 6 • References 5 • Affected Software 1

Prion
•added 2014/09/25 1:55 a.m.•41 views

Design/Logic Flaw

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

CVSS 10 • AI score 7.7 • EPSS 0.99999
Exploits 139 • References 160 • Affected Software 1

Prion
•added 2014/07/17 5:10 a.m.•41 views

Design/Logic Flaw

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...

CVSS 9.3 • AI score 5.6 • EPSS 0.05233
Exploits 1 • References 14 • Affected Software 5

Prion
•added 2014/04/27 10:55 p.m.•41 views

Null pointer dereference

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference...

CVSS 4.3 • AI score 6.9 • EPSS 0.03283
Exploits 0 • References 11 • Affected Software 1

Prion
•added 2013/08/14 1:49 p.m.•41 views

Sql injection

SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php...

CVSS 7.5 • AI score 8.9 • EPSS 0.03169
Exploits 6 • References 5 • Affected Software 1

Prion
•added 2013/06/18 10:55 p.m.•41 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...

CVSS 10 • AI score 6.2 • EPSS 0.98704
Exploits 22 • References 26 • Affected Software 2

Prion
•added 2013/01/30 12:0 p.m.•41 views

Sql injection

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

CVSS 7.5 • AI score 8.7 • EPSS 0.99449
Exploits 22 • References 11 • Affected Software 2

Prion
•added 2013/01/13 10:55 p.m.•41 views

Type confusion

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

CVSS 7.5 • AI score 7.6 • EPSS 0.99449
Exploits 21 • References 14 • Affected Software 3

Prion
•added 2012/06/22 2:55 p.m.•41 views

Race condition

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 • AI score 6.7 • EPSS 0.046
Exploits 3 • References 7 • Affected Software 2

Prion
•added 2012/05/03 10:55 p.m.•41 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690...

CVSS 6.8 • AI score 5.4 • EPSS 0.0374
Exploits 0 • References 10 • Affected Software 7

Prion
•added 2012/01/18 10:55 p.m.•41 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101...

CVSS 4 • AI score 5.5 • EPSS 0.03006
Exploits 0 • References 10 • Affected Software 1

Prion
•added 2011/05/03 10:55 p.m.•41 views

Design/Logic Flaw

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVSS 6.8 • AI score 7.5 • EPSS 0.01647
Exploits 2 • References 10 • Affected Software 4

Prion
•added 2011/02/10 4:0 p.m.•41 views

Memory corruption

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability,...

CVSS 9.3 • AI score 7.7 • EPSS 0.2752
Exploits 0 • References 8 • Affected Software 1

Prion
•added 2010/12/29 6:0 p.m.•41 views

Design/Logic Flaw

The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...

CVSS 2.1 • AI score 5.9 • EPSS 0.00496
Exploits 2 • References 11 • Affected Software 1

Prion
•added 2010/07/22 5:43 a.m.•41 views

Code injection

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer...

CVSS 9.3 • AI score 7.3 • EPSS 0.91324
Exploits 15 • References 14 • Affected Software 3

Prion
•added 2010/05/21 5:30 p.m.•41 views

Command injection

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247...

CVSS 3.6 • AI score 6.2 • EPSS 0.01768
Exploits 3 • References 12 • Affected Software 1

Prion
•added 2010/04/01 10:30 p.m.•41 views

Privilege escalation

The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allo...

CVSS 9.3 • AI score 8.2 • EPSS 0.28163
Exploits 1 • References 4 • Affected Software 2

Prion
•added 2010/01/12 5:30 p.m.•41 views

Code injection

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with...

CVSS 7.8 • AI score 6.4 • EPSS 0.05889
Exploits 3 • References 30 • Affected Software 2

Total number of security vulnerabilities: 5000